Hey All
This is my first attempt at getting sssd working. A little background.
I have a RHEL 6 server that is located on a secure DMZ-like subnet. There
is an LDAP server running on the network which I would like to authenticate
my server to. I have followed several guides (SSSD Fedora guide, official
Red Hat guide and several others), but just can't seem to get the binding
to work.
I have tested binding with the ldapsearch commands and that seems to work,
however SSSD continues to have issues.
I am binding on 389 with TLS. I can successfully bind and see all the users
and other attributes with the following ldapsearch command:
$ ldapsearch -x -ZZ -H ldap://myhost.mydomain.com -b o=MYORG
This is what my /etc/sssd/sssd.conf looks like:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
[pam]
[domain/LDAP]
access_provider = ldap
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_access_filter = allow
ldap_schema = rfc2307
ldap_uri = ldap://myhost.mydomain.com
ldap_search_base = o=MYORG
ldap_user_search_base = ou=PEOPLE,o=MYORG
enumerate = True
You can reach the limit of returned entries on your LDAP server with
enumeration enabled. If you do not need enumeration, please disable it.
Otherwise you need to configure your LDAP so that "cn=ldaplookup,o=services"
is able to fetch a larger number of LDAP entries.
LS
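
An added example, not written by either poster in this thread: a small Python check run over a trimmed copy of the [domain/LDAP] section posted above. It flags repeated options, the enabled enumeration the reply points at, and an ldap:// URI used without StartTLS for identity lookups, which the ldapsearch -ZZ test enforces but this configuration does not. The function names and finding labels are made up for illustration; ldap_id_use_start_tls is a real sssd-ldap option (default false) that does not appear in the thread.

```python
import re

# Constructed sample: trimmed copy of the [domain/LDAP] section from the post.
SAMPLE = """\
[domain/LDAP]
access_provider = ldap
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_uri = ldap://myhost.mydomain.com
ldap_search_base = o=MYORG
enumerate = True
"""

def parse_sections(text):
    # Return {section: [(key, value), ...]} and keep duplicate keys,
    # which configparser would reject or silently collapse.
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def lint_domain(pairs):
    # Return finding labels (hypothetical names) for one domain section.
    keys = [k for k, _ in pairs]
    opts = dict(pairs)  # last occurrence wins
    findings = sorted({f"duplicate:{k}" for k in keys if keys.count(k) > 1})
    # Enumeration pulls every user and group, so it can hit the server's
    # limit on returned entries, as the reply in the thread notes.
    if opts.get("enumerate", "false").lower() == "true":
        findings.append("enumerate-enabled")
    # ldapsearch -ZZ requires StartTLS; sssd's identity lookups over
    # ldap:// only use it when ldap_id_use_start_tls is true.
    uris = [u.strip().lower() for u in opts.get("ldap_uri", "").split(",")]
    start_tls = opts.get("ldap_id_use_start_tls", "false").lower() == "true"
    if any(u.startswith("ldap://") for u in uris) and not start_tls:
        findings.append("id-lookups-without-starttls")
    return findings

def lint(text):
    return {name: lint_domain(pairs) for name, pairs
            in parse_sections(text).items() if name.startswith("domain/")}

if __name__ == "__main__":
    print(lint(SAMPLE))
```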