Hey All

This is my first attempt at getting sssd working. A little background.

I have a RHEL 6 server that is located on a secure, DMZ-like subnet. There is an LDAP server running on the network, which I would like to authenticate my server to. I have followed several guides (the SSSD Fedora guide, the official Red Hat guide and several others), but just can't seem to get the binding to work.

I have tested binding with the ldapsearch commands and that seems to work, however SSSD continues to have issues. 

I am binding on 389 with TLS. I can successfully bind and see all the users and other attributes with the following ldapsearch command:

$ ldapsearch -x -ZZ -H ldap://myhost.mydomain.com -b o=MYORG

This is what my /etc/sssd/sssd.conf looks like:

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300

[pam]

[domain/LDAP]
access_provider = ldap
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_access_filter = allow
ldap_schema = rfc2307
ldap_uri = ldap://myhost.mydomain.com
ldap_search_base = o=MYORG
ldap_user_search_base = ou=PEOPLE,o=MYORG
enumerate = True
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/openldap/certs
ldap_id_use_start_tls = true
ldap_default_bind_dn = cn=ldaplookup,o=services
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX
debug_level = 9

I have also tried binding anonymously, which also fails. This is what I see in my sssd log file:

http://pastebin.com/j1XVRR65

Thanks!



--
Ben Lewis
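
Added example, not part of the message above and not SSSD code: a small Python check run over a constructed subset of the [domain/LDAP] section from the post. It flags keys that appear twice, an ldap_tls_reqcert level that accepts an unverified server certificate, an ldap_access_filter value that is not an LDAP filter, and ldap:// lookups without StartTLS. The function names and the "=" heuristic are assumptions of this example, and it does not diagnose the bind failure in the linked log.

```python
import re

# Constructed sample: a subset of the [domain/LDAP] section from the post.
SAMPLE = """\
[domain/LDAP]
access_provider = ldap
access_provider = ldap
ldap_access_filter = allow
ldap_uri = ldap://myhost.mydomain.com
ldap_tls_reqcert = allow
ldap_id_use_start_tls = true
"""

def parse(text):
    """Return {section: [(lineno, key, value), ...]}, keeping duplicate keys."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((n, key, value))
    return sections

def audit(text):
    """Return (lineno, key, message) findings for every [domain/...] section."""
    findings = []
    for items in (v for s, v in parse(text).items() if s.startswith("domain/")):
        first, last = {}, {}
        for n, key, value in items:
            if first.setdefault(key, n) != n:  # key was already seen on an earlier line
                findings.append((n, key, f"duplicate of line {first[key]}"))
            last[key] = (n, value)
        n, value = last.get("ldap_tls_reqcert", (0, "hard"))  # hard is the documented default
        if value.lower() in ("never", "allow", "try"):
            findings.append((n, "ldap_tls_reqcert", "a valid server certificate is not required; use demand or hard"))
        n, value = last.get("ldap_access_filter", (0, "(x=y)"))  # absent key: nothing to flag
        if "=" not in value:  # heuristic (assumption): every LDAP filter has a comparison
            findings.append((n, "ldap_access_filter", "not an LDAP filter such as (attr=value)"))
        n, uri = last.get("ldap_uri", (0, ""))
        start_tls = last.get("ldap_id_use_start_tls", (0, "false"))[1].lower()
        if uri.lower().startswith("ldap://") and start_tls != "true":
            findings.append((n, "ldap_uri", "identity lookups are not protected by StartTLS"))
    return findings

if __name__ == "__main__":
    print(*(f"line {n}: {key}: {msg}" for n, key, msg in audit(SAMPLE)), sep="\n")
```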