On Tue, Feb 7, 2012 at 5:38 PM, Stephen Gallagher
<sgallagh(a)redhat.com> wrote:
On Tue, 2012-02-07 at 17:28 +0100, Marco Pizzoli wrote:
>
>
> According to that, your LDAP server doesn't support
any
> authentication
> except GSSAPI (probably Kerberos). Obviously
ldapsearch still
> works, so
> it looks to me like the LDAP server isn't properly
reporting
> what it
> reports.
>
> Please open a bug. SSSD should be assuming that we
always
> support
> SIMPLE.
>
> Done.
https://fedorahosted.org/sssd/ticket/1180
>
> Please, could you tell me if this problem will be targeted
for 1.7.x
> or 1.8 release?
Actually, on further investigation, this shouldn't be an
issue. Can you
confirm that you are NOT setting ldap_sasl_mech in your
sssd.conf? It's
not listed in your first email, but did you maybe leave it
out?
It seems you found my fault :-( I surely overlooked the meaning of the
word "none" on the man page. This is it:
ldap_sasl_mech = none
The code that checks for this should be skipped if
ldap_sasl_mech is
unset.
Would you mind checking your startup logs at level 6 to see
what value
is being reported for ldap_sasl_mech?
Done. As already reported: ldap_sasl_mech = none
I commented that directive, restarted sssd and now I see it working
and obtaining my groups from the LDAP server.
I still don't see my users and groups, but this is another story.
Thanks a lot and apologize for the noise.
Marco
Ah, yeah. That should be "not set" rather than "none".
We'll have to fix that in 1.9 (we're past string freeze for 1.8)