Thanks Jakub.
I have received some follow-up help from another person on this list who pointed that out to me as well. The problem seems to go deeper or possibly leads back to the openldap server. If I find any notable evidence or a solution I will post further.
John.
On 08/22/2013 01:25 AM, Jakub Hrozek wrote:
On Wed, Aug 21, 2013 at 02:25:20PM -0400, Stephen Gallagher wrote:
On 08/21/2013 02:25 PM, John Uhlig wrote:
Thanks for your prompt reply. I have attached the sssd-default logfile.
The cacert dir has been rehashed using cacertdir_rehash command.
I have tried the "ldap_tls_cacert" parameter as well - no luck.
I have also tried TLS and SSL ldap client configs - again - no luck.
I believe I have done the openssl and ldapsearch tests as per sssd and ldap web docs to confirm that the certificates and TLS are working correctly.
According to that log, the user was retrieved successfully and added to the cache:
(Wed Aug 21 11:04:00 2013) [sssd[be[default]]] [sdap_get_users_process] (0x4000): Saving 1 Users - Done
The line: (Wed Aug 21 11:04:00 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
is actually just informational (it means that we've hit the end of the loop through lookups we're performing).
So what exactly do you see when you run 'getent passwd localjoe'?
Also, what log message (if any) do you see in /var/log/secure coming from the pam_sss module?