Re: [SSSD-users] finding user - but says ldap result empty

Friday, 3 May 2013

Also, many options from the ldap provider works for ad provider, too - it is a little
secret :)
O.

-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: Friday, May 03, 2013 4:14 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] finding user - but says ldap result empty

Yes, Kerberos binding is in use in case of the ad provider. But you can override Kerberosl
realm configuration in sssd.conf (moreover, several realms can be configured in krb5.conf
- I do not see the conflict). All you need is valid machine principal in /etc/krb5.keytab
which can be easily obtained with 'net ads join'.
To me, the Kerberos setup is much easier/safer than hassling with the ldap bind user.

That said, the ldap provider should work, too Ondrej

-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Klavs Klavsen
Sent: Friday, May 03, 2013 4:05 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] finding user - but says ldap result empty

I tried switching to ad provider, but then it wants kerberos setup as well (and the client
must have a valid keytab file also - a rather manual and timeconsuming process).

Also - on some hosts, I use mod_auth_kerb in apache - and need to run that (and ONLY that)
against a test AD domain - and mod_auth_kerb can only use /etc/krb5.conf - so if sssd can
also only use /etc/krb5.conf (is that the case?) - then those would conflict - hence my
desire to use LDAP only for now :)

I can't see anywhere in the man page for sssd-ad, if I can disable kerberos/keytab
part?

Ondrej Valousek said the following on 05/03/2013 03:55 PM:
...
 Suggest upgrading to the latest version of sssd in CentOS and use the
AD provider (man sssd-ad) instead.
 You simplify the configuration and it would work :)

 -----Original Message-----
 From: sssd-users-bounces(a)lists.fedorahosted.org
 [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Klavs 
 Klavsen
 Sent: Friday, May 03, 2013 3:31 PM
 To: sssd-users(a)lists.fedorahosted.org
 Subject: Re: [SSSD-users] finding user - but says ldap result empty

 Ohh - and an ldapsearch for same users gives this:
 # klavs, Konsulenter, Brugere, My Company, sub.example.dk
 dn: CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
 Company,dc=sub,dc=example,DC=dk
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: user
 cn: klavs
 sn: Klavsen
 l: Hvidovre
 title: Ekstern
 description: valid user
 postalCode: 2650
 givenName: Klavs Thun
 distinguishedName: CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
 Company,DC=ks, DC=kk,DC=dk
 instanceType: 4
 whenCreated: 20121128112538.0Z
 whenChanged: 20130429063611.0Z
 displayName: Klavs Klavsen
 uSNCreated: 282284965
 memberOf: CN=AutomatiseringsRepository-WriteAccess,OU=Grupper,OU=My
 Company,dc=sub,dc=example,DC=dk
 memberOf: CN=Linux-Users,OU=Grupper,OU=My 
 Company,dc=sub,dc=example,DC=dk
 uSNChanged: 296661668
 streetAddress:: SMOmZGVyZGFsc3Zlag==
 name: klavs
 objectGUID:: HdeNtrTkd0iRRGGDfF6ZMw==
 userAccountControl: 512
 badPwdCount: 0
 codePage: 0
 countryCode: 0
 badPasswordTime: 130117003214581477
 lastLogoff: 0
 lastLogon: 130120372138372081
 scriptPath: logon.bat
 pwdLastSet: 130077321450480274
 primaryGroupID: 513
 userParameters::
 ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI

 CAgUAcaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44G
 m44Cy44
 ...(more chars)
    Sy5oi244y35pSy5oi25oi25pSy45C25oi25oy144C344i35pi245i246S25oy245S245Cy5oy144i
    045Sz45iz45i144Cw
 objectSid:: AQ...[cut]
 accountExpires: 9223372036854775807
 logonCount: 722
 sAMAccountName: klavs
 sAMAccountType: 805306368
 userPrincipalName: klavs(a)sub.example.dk
 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=dk
 lastLogonTimestamp: 130116909538305016
 mail: klavs(a)vsen.dk
 mobile: 61000000
 gidNumber: 5000
 uidNumber: 5002
 unixHomeDirectory: /home/klavs

 Klavs Klavsen said the following on 05/03/2013 03:24 PM:
> Hi,
>
> I'm trying to make sssd work on CentOS-6.
>
> It seems to find the user in AD (Win 2003) - but it ends ups saying:
> ldap_result found nothing!
>
> I'm hoping someone can give me an idea, as to why :(
>
> Output (with debug_level=9 - slightly sanitized and anonymized) is:
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [be_get_account_info]
> (0x0100): Got request for [4097][1][name=klavs] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_id_op_connect_step] (0x4000): reusing 
> cached connection (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_users_next_base] (0x0400): Searching for users with base 
> [ou=Brugere,ou=My Company,dc=sub,dc=example,dc=dk] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x0400): calling ldap_search_ext with 
> [(&(sAMAccountName=klavs)(objectclass=user))][ou=Brugere,ou=My
> Company,dc=sub,dc=example,dc=dk].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [sAMAccountName] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userPassword] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [unixHomeDirectory]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userPrincipalName]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x1000): Requesting attrs: [memberOf] (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting
> attrs: [nsUniqueId] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [modifyTimestamp] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowLastChange]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowWarning] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowInactive] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowExpire] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbLastPwdChange]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbPasswordExpiration]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [pwdAttribute] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [authorizedService]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [accountExpires] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userAccountControl]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [nsAccountLock] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri 
> May  3 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x1000): Requesting attrs: [loginDisabled] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting
> attrs:
> [loginExpirationTime]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [loginAllowedTimeMap]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
> 8 (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[0x17e8b60], 
> ldap[0x17e97a0] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_entry]
> (0x4000): OriginalDN: [CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
> Company,DC=sub,DC=example,DC=dk].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [displayName] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf] (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [uSNChanged] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [userAccountControl] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [accountExpires] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [sAMAccountName] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [userPrincipalName] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [modifyTimeStamp] (Fri May  3
> 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [gidNumber] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [uidNumber] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [unixHomeDirectory] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[0x17e8b60], 
> ldap[0x17e97a0] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri May  3 15:10:25
> 2013) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400): 
> Search
> result: Success(0), no errmsg set (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_get_users_process] (0x0400): Search for 
> users, returned 1 results.
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): start 
> ldb transaction (nesting: 0) (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_save_user]
> (0x4000): Save user
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x2000): Adding originalDN [CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
> Company,DC=sub,DC=example,DC=dk] to attributes o f [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x1000): Adding original memberOf attributes to [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp 
> [20130429063553.0Z] to attributes of [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x1000): Adding user principal [klavs(a)SUB.EXAMPLE.DK] to attributes 
> of [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMin is not available for 
> [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for 
> [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowWarning is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowExpire is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for 
> [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): krbLastPwdChange is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): krbPasswordExpiration is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): pwdAttribute is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): Adding adAccountExpires 
> [9223372036854775807] to attributes of [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): Adding adUserAccountControl 
> [512] to attributes of [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): nsAccountLock is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedHost is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginExpirationTime is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginAllowedTimeMap is not 
> available for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available 
> for [klavs].
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x0400): Storing info for user klavs
>
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [userPassword] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [loginShell] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [uniqueID] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowLastChange] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowMin] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowMax] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowWarning] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowInactive] from [klavs] (Fri May
> 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowExpire] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowFlag] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [krbLastPwdChange] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [krbPasswordExpiration] from [klavs] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [pwdAttribute] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [authorizedService] from [klavs] (Fri 
> May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [nsAccountLock] from [klavs] (Fri May  3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [authorizedHost] from [klavs] (Fri May
> 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginDisabled] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginExpirationTime] from [klavs] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginAllowedTimeMap] from [klavs] 
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): cancel 
> ldb transaction (nesting: 3) (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [ldb] (0x4000): commit ldb transaction (nesting:
> 2) (Fri May  3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1) (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_save_users]
> (0x4000): User 0 processed!
> (Fri May  3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): commit 
> ldb transaction (nesting: 0) (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [sdap_get_users_process] (0x4000): Saving 1 Users
> - Done (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_id_op_done]
> (0x4000): releasing operation connection (Fri May  3 15:10:25 2013) 
> [sssd[be[default]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success (Fri May  3
> 15:10:25
> 2013) [sssd[be[default]]] [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[(nil)], 
> ldap[0x17e97a0] (Fri May  3 15:10:25 2013) [sssd[be[default]]] 
> [sdap_process_result]
> (0x2000): Trace: ldap_result found nothing!
>
> sssd.conf:
> [domain/default]
> debug_level = 9
> enumerate = false
> min_id = 5000
> ldap_id_use_start_tls = False
> cache_credentials = True
> #these two are ACTUALLY written with EXAMPLE.COM - as I don't want 
> kerberos right now - just LDAP krb5_realm = EXAMPLE.COM krb5_server = 
> kerberos.example.com id_provider = ldap auth_provider = ldap 
> chpass_provider = ldap ldap_uri = ldaps://dc01.sub.example.dk 
> ldap_tls_cacertdir = /etc/openldap/cacerts ldap_referrals = true 
> ldap_default_bind_dn = ldap(a)sub.example.dk ldap_default_authtok_type 
> = password ldap_default_authtok = mypassword
>
> ldap_schema = rfc2307bis
> ldap_user_object_class = user
> ldap_user_home_directory = unixHomeDirectory ldap_user_principal = 
> userPrincipalName ldap_user_search_scope = sub ldap_user_search_base 
> = ou=Brugere,ou=My Company,dc=sub,dc=example,dc=dk ldap_search_base = 
> OU=My Company,dc=sub,dc=example,DC=dk ldap_group_search_base = 
> ou=Grupper,ou=My Company,dc=sub,dc=example,dc=dk 
> ldap_group_object_class = group ldap_access_order = expire 
> ldap_account_expire_policy = ad ldap_force_upper_case_realm = true 
> ldap_user_name = sAMAccountName ldap_user_uid_number = uidNumber 
> ldap_user_gid_number = gidNumber ldap_user_gecos = displayName 
> #ldap_user_shell = msSFU30LoginShell
>
> [sssd]
> services = nss, pam
> config_file_version = 2
>
> domains = default
>

 --
 Regards,
 Klavs Klavsen, GSEC - kl(a)vsen.dk - http://www.vsen.dk - Tlf. 61281200

 "Those who do not understand Unix are condemned to reinvent it, poorly."
     --Henry Spencer

 _______________________________________________
 sssd-users mailing list
 sssd-users(a)lists.fedorahosted.org
 https://lists.fedorahosted.org/mailman/listinfo/sssd-users
 _______________________________________________
 sssd-users mailing list
 sssd-users(a)lists.fedorahosted.org
 https://lists.fedorahosted.org/mailman/listinfo/sssd-users

--
Regards,
Klavs Klavsen, GSEC - kl(a)vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer

_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [SSSD-users] finding user - but says ldap result empty