On Tue, Aug 05, 2014 at 02:07:16PM +0000, Sterling Sahaydak wrote:
> Jakub!
> That worked!!!!! Many many many thanks!!!!!
> I did go back and re-enable - disallow_bind_anon
> What I need to look at next is 'hardening' the setup I have.
> Is there a web page explaining 'best practices' or things you want to do for
> a production setup?

Use SSL/TLS, mainly, to avoid sending clear text passwords over the wire.
SSSD doesn't even authenticate users w/o encryption in place.

> You recommended not using cn=Manager - understand, is there a recommended
> account schema to use?
> non posix account since I'm using it as part of my search filter?

If you're fine using a ldap bind + password, then you can just create a
'service' user you bind as. It can be any entry, no special schema is
necessary, it just has to have a DN and a password. The bind user is not
part of any filter.

> Seems like I'm using SASL now and was wondering is there a way also to get
> around having a password

Umm are you sure you're using SASL? We only support GSSAPI as a SASL
mech now..
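
One way to check an sssd.conf against the two recommendations in this reply (encrypt the LDAP connection, bind as a dedicated service entry rather than cn=Manager), as an added example that is not part of the original message or of SSSD. The host name, DNs, CA path, password placeholder and finding labels are constructed; the `ldap_tls_reqcert` and `ldap_auth_disable_tls_never_use_in_production` checks go beyond what the message mentions.

```python
import configparser

# Constructed sample sssd.conf: binds as the directory manager over plain ldap://
WEAK = """
[domain/example.com]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_default_bind_dn = cn=Manager,dc=example,dc=com
ldap_default_authtok = CHANGE_ME
ldap_tls_reqcert = never
"""

# Constructed sample: dedicated service entry, StartTLS, server certificate verified
HARDENED = """
[domain/example.com]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_default_bind_dn = cn=sssd-bind,ou=services,dc=example,dc=com
ldap_default_authtok = CHANGE_ME
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca.pem
"""

def audit(text):
    """Return a list of (section, finding) for LDAP domains in an sssd.conf string."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        if not name.startswith("domain/") or sec.get("id_provider", "") != "ldap":
            continue
        uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
        start_tls = sec.getboolean("ldap_id_use_start_tls", fallback=False)
        if any(u.startswith("ldap://") for u in uris) and not start_tls:
            findings.append((name, "cleartext-bind"))  # bind password crosses the wire unencrypted
        if sec.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow", "try"):
            findings.append((name, "cert-not-verified"))  # TLS without server authentication
        if sec.get("ldap_default_bind_dn", "").lower().startswith("cn=manager,"):
            findings.append((name, "binds-as-manager"))  # admin DN used for routine lookups
        if sec.getboolean("ldap_auth_disable_tls_never_use_in_production", fallback=False):
            findings.append((name, "auth-tls-disabled"))
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text))
```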