Also, many options from the ldap provider work for the ad provider, too - it is a little
secret :)
O.
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: Friday, May 03, 2013 4:14 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] finding user - but says ldap result empty
Yes, Kerberos binding is in use in case of the ad provider. But you can override the Kerberos
realm configuration in sssd.conf (moreover, several realms can be configured in krb5.conf
- I do not see the conflict). All you need is a valid machine principal in /etc/krb5.keytab,
which can be easily obtained with 'net ads join'.
To me, the Kerberos setup is much easier/safer than hassling with the ldap bind user.
That said, the ldap provider should work, too.
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Klavs Klavsen
Sent: Friday, May 03, 2013 4:05 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] finding user - but says ldap result empty
I tried switching to ad provider, but then it wants kerberos setup as well (and the client
must have a valid keytab file also - a rather manual and time-consuming process).
Also - on some hosts, I use mod_auth_kerb in apache - and need to run that (and ONLY that)
against a test AD domain - and mod_auth_kerb can only use /etc/krb5.conf - so if sssd can
also only use /etc/krb5.conf (is that the case?) - then those would conflict - hence my
desire to use LDAP only for now :)
I can't see anywhere in the man page for sssd-ad, if I can disable kerberos/keytab
part?
Ondrej Valousek said the following on 05/03/2013 03:55 PM:
Suggest upgrading to the latest version of sssd in CentOS and use the
AD provider (man sssd-ad) instead.
You simplify the configuration and it would work :)
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Klavs
Klavsen
Sent: Friday, May 03, 2013 3:31 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] finding user - but says ldap result empty
Ohh - and an ldapsearch for same users gives this:
# klavs, Konsulenter, Brugere, My Company, sub.example.dk
dn: CN=klavs,OU=Konsulenter,OU=Brugere,OU=My Company,dc=sub,dc=example,DC=dk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: klavs
sn: Klavsen
l: Hvidovre
title: Ekstern
description: valid user
postalCode: 2650
givenName: Klavs Thun
distinguishedName: CN=klavs,OU=Konsulenter,OU=Brugere,OU=My Company,DC=ks, DC=kk,DC=dk
instanceType: 4
whenCreated: 20121128112538.0Z
whenChanged: 20130429063611.0Z
displayName: Klavs Klavsen
uSNCreated: 282284965
memberOf: CN=AutomatiseringsRepository-WriteAccess,OU=Grupper,OU=My Company,dc=sub,dc=example,DC=dk
memberOf: CN=Linux-Users,OU=Grupper,OU=My Company,dc=sub,dc=example,DC=dk
uSNChanged: 296661668
streetAddress:: SMOmZGVyZGFsc3Zlag==
name: klavs
objectGUID:: HdeNtrTkd0iRRGGDfF6ZMw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 130117003214581477
lastLogoff: 0
lastLogon: 130120372138372081
scriptPath: logon.bat
pwdLastSet: 130077321450480274
primaryGroupID: 513
objectSid:: AQ...[cut]
accountExpires: 9223372036854775807
logonCount: 722
sAMAccountName: klavs
sAMAccountType: 805306368
userPrincipalName: klavs(a)sub.example.dk
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=dk
lastLogonTimestamp: 130116909538305016
mail: klavs(a)vsen.dk
mobile: 61000000
gidNumber: 5000
uidNumber: 5002
unixHomeDirectory: /home/klavs
Klavs Klavsen said the following on 05/03/2013 03:24 PM:
> Hi,
>
> I'm trying to make sssd work on CentOS-6.
>
> It seems to find the user in AD (Win 2003) - but it ends ups saying:
> ldap_result found nothing!
>
> I'm hoping someone can give me an idea, as to why :(
>
> Output (with debug_level=9 - slightly sanitized and anonymized) is:
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [be_get_account_info]
> (0x0100): Got request for [4097][1][name=klavs] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_id_op_connect_step] (0x4000): reusing
> cached connection (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_users_next_base] (0x0400): Searching for users with base
> [ou=Brugere,ou=My Company,dc=sub,dc=example,dc=dk] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x0400): calling ldap_search_ext with
> [(&(sAMAccountName=klavs)(objectclass=user))][ou=Brugere,ou=My
> Company,dc=sub,dc=example,dc=dk].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [sAMAccountName] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userPassword] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [unixHomeDirectory]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userPrincipalName]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x1000): Requesting attrs: [memberOf] (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting
> attrs: [nsUniqueId] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [modifyTimestamp] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowLastChange]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowWarning] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowInactive] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [shadowExpire] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbLastPwdChange]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbPasswordExpiration]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [pwdAttribute] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [authorizedService]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [accountExpires] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userAccountControl]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [nsAccountLock] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri
> May 3 15:10:25 2013) [sssd[be[default]]] [sdap_get_generic_ext_step]
> (0x1000): Requesting attrs: [loginDisabled] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting
> attrs:
> [loginExpirationTime]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [loginAllowedTimeMap]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
> 8 (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[0x17e8b60],
> ldap[0x17e97a0] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_entry]
> (0x4000): OriginalDN: [CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
> Company,DC=sub,DC=example,DC=dk].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [displayName] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf] (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [uSNChanged] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [userAccountControl] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [accountExpires] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [sAMAccountName] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [userPrincipalName] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [modifyTimeStamp] (Fri May 3
> 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [gidNumber] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [uidNumber] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [unixHomeDirectory] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[0x17e8b60],
> ldap[0x17e97a0] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri May 3 15:10:25
> 2013) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400):
> Search
> result: Success(0), no errmsg set (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_get_users_process] (0x0400): Search for
> users, returned 1 results.
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): start
> ldb transaction (nesting: 0) (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_save_user]
> (0x4000): Save user
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x2000): Adding originalDN [CN=klavs,OU=Konsulenter,OU=Brugere,OU=My
> Company,DC=sub,DC=example,DC=dk] to attributes of [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x1000): Adding original memberOf attributes to [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20130429063553.0Z] to attributes of [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x1000): Adding user principal [klavs(a)SUB.EXAMPLE.DK] to attributes
> of [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMin is not available for
> [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
> [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowWarning is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowExpire is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
> [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): krbLastPwdChange is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): krbPasswordExpiration is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): pwdAttribute is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding adAccountExpires
> [9223372036854775807] to attributes of [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding adUserAccountControl
> [512] to attributes of [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): nsAccountLock is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedHost is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginExpirationTime is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginAllowedTimeMap is not
> available for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available
> for [klavs].
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sdap_save_user]
> (0x0400): Storing info for user klavs
>
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [userPassword] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [loginShell] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [uniqueID] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowLastChange] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowMin] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowMax] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowWarning] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowInactive] from [klavs] (Fri May
> 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowExpire] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [shadowFlag] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [krbLastPwdChange] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [krbPasswordExpiration] from [klavs]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [pwdAttribute] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [authorizedService] from [klavs] (Fri
> May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [nsAccountLock] from [klavs] (Fri May 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [authorizedHost] from [klavs] (Fri May
> 3
> 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginDisabled] from [klavs] (Fri May
> 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginExpirationTime] from [klavs]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [sysdb_remove_attrs]
> (0x2000): Removing attribute [ndsLoginAllowedTimeMap] from [klavs]
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): cancel
> ldb transaction (nesting: 3) (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [ldb] (0x4000): commit ldb transaction (nesting:
> 2) (Fri May 3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1) (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_save_users]
> (0x4000): User 0 processed!
> (Fri May 3 15:10:25 2013) [sssd[be[default]]] [ldb] (0x4000): commit
> ldb transaction (nesting: 0) (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [sdap_get_users_process] (0x4000): Saving 1 Users
> - Done (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_id_op_done]
> (0x4000): releasing operation connection (Fri May 3 15:10:25 2013)
> [sssd[be[default]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success (Fri May 3
> 15:10:25
> 2013) [sssd[be[default]]] [sdap_process_result]
> (0x2000): Trace: sh[0x17e9bf0], connected[1], ops[(nil)],
> ldap[0x17e97a0] (Fri May 3 15:10:25 2013) [sssd[be[default]]]
> [sdap_process_result]
> (0x2000): Trace: ldap_result found nothing!
>
> sssd.conf:
> [domain/default]
> debug_level = 9
> enumerate = false
> min_id = 5000
> ldap_id_use_start_tls = False
> cache_credentials = True
> #these two are ACTUALLY written with EXAMPLE.COM - as I don't want kerberos right now - just LDAP
> krb5_realm = EXAMPLE.COM
> krb5_server = kerberos.example.com
> id_provider = ldap
> auth_provider = ldap
> chpass_provider = ldap
> ldap_uri = ldaps://dc01.sub.example.dk
> ldap_tls_cacertdir = /etc/openldap/cacerts
> ldap_referrals = true
> ldap_default_bind_dn = ldap(a)sub.example.dk
> ldap_default_authtok_type = password
> ldap_default_authtok = mypassword
>
> ldap_schema = rfc2307bis
> ldap_user_object_class = user
> ldap_user_home_directory = unixHomeDirectory
> ldap_user_principal = userPrincipalName
> ldap_user_search_scope = sub
> ldap_user_search_base = ou=Brugere,ou=My Company,dc=sub,dc=example,dc=dk
> ldap_search_base = OU=My Company,dc=sub,dc=example,DC=dk
> ldap_group_search_base = ou=Grupper,ou=My Company,dc=sub,dc=example,dc=dk
> ldap_group_object_class = group
> ldap_access_order = expire
> ldap_account_expire_policy = ad
> ldap_force_upper_case_realm = true
> ldap_user_name = sAMAccountName
> ldap_user_uid_number = uidNumber
> ldap_user_gid_number = gidNumber
> ldap_user_gecos = displayName
> #ldap_user_shell = msSFU30LoginShell
>
> [sssd]
> services = nss, pam
> config_file_version = 2
>
> domains = default
>
--
Regards,
Klavs Klavsen, GSEC - kl(a)vsen.dk -
http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
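
The reply's point that a machine keytab is safer than an LDAP bind user can be checked mechanically. The sketch below is an added example, not part of the thread or of SSSD: it audits the bind-credential and transport options of an sssd.conf, using two constructed samples (the posted LDAP settings, and a keytab-based `id_provider = ad` variant whose `ad_domain` and realm values are assumed).

```python
import configparser

# Constructed sample: options taken from the [domain/default] section quoted
# in the thread, written one per line.
THREAD_CONF = """
[domain/default]
debug_level = 9
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://dc01.sub.example.dk
ldap_id_use_start_tls = False
ldap_default_bind_dn = ldap(a)sub.example.dk
ldap_default_authtok_type = password
ldap_default_authtok = mypassword
"""

# Constructed sample: keytab-based alternative described in the reply
# (ad_domain and krb5_realm values are assumptions).
KEYTAB_CONF = """
[domain/default]
id_provider = ad
ad_domain = sub.example.dk
krb5_realm = SUB.EXAMPLE.DK
krb5_keytab = /etc/krb5.keytab
"""

def audit_domain(opts):
    """Return (severity, option, message) findings for one domain section."""
    findings = []
    start_tls = opts.get("ldap_id_use_start_tls", "false").strip().lower() == "true"

    # A simple-bind secret in the file is a reusable directory credential at rest.
    if "ldap_default_authtok" in opts:
        kind = opts.get("ldap_default_authtok_type", "password").strip()
        how = "obfuscated (not encrypted)" if kind == "obfuscated_password" else "plaintext"
        findings.append(("high", "ldap_default_authtok",
                         how + " bind secret in sssd.conf; a machine keytab avoids it"))

    # ldap:// without StartTLS carries the bind and every lookup in the clear.
    for uri in (u.strip() for u in opts.get("ldap_uri", "").split(",")):
        if uri.lower().startswith("ldap://") and not start_tls:
            findings.append(("high", "ldap_uri", uri + " is unencrypted and StartTLS is off"))

    # 'never' and 'allow' let the session proceed with an unverified server certificate.
    reqcert = opts.get("ldap_tls_reqcert", "hard").strip().lower()
    if reqcert in ("never", "allow"):
        findings.append(("high", "ldap_tls_reqcert", "'" + reqcert + "' skips certificate checks"))

    # Debug logs such as the one in the thread record DNs and principals.
    if opts.get("debug_level", "0").strip() != "0":
        findings.append(("low", "debug_level", "debug logging on; disable after troubleshooting"))
    return findings

def audit(conf_text):
    """Audit every [domain/...] section of an sssd.conf given as text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {s: audit_domain(dict(parser[s])) for s in parser.sections()
            if s.startswith("domain/")}

if __name__ == "__main__":
    for label, text in (("thread", THREAD_CONF), ("keytab", KEYTAB_CONF)):
        for section, findings in audit(text).items():
            print(label, section, findings or "no findings")
```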