On Mon, Feb 09, 2015 at 07:50:32AM -0700, Ben Lewis wrote:
Hey All
This is my first attempt at getting sssd working. A little background.
I have a RHEL 6 server that is located on a secure DMZ-like subnet; there
is an LDAP server running on the network which I would like to authenticate
my server to. I have followed several guides (sssd fedora guide, official
red hat guide and several others), but just can't seem to get the binding
to work.
I have tested binding with the ldapsearch commands and that seems to work,
however SSSD continues to have issues.
I am binding on 389 with TLS. I can successfully bind and see all the users
and other attributes with the following ldapsearch command:
$ldapsearch -x -ZZ -H ldap://myhost.mydomain.com -b o=MYORG
There is a
(Mon Feb 9 07:45:57 2015) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0400): Search result: Other (e.g., implementation specific) error(80), NDS error: remote failure (-635)
error message in your log. -635 means an error on the LDAP server, maybe
because it failed to access some other network resource. Please check
your server logs for details.
The LDAP request causing this error message is
$ldapsearch -x -ZZ -H ldap://myhost.mydomain.com -b o=MYORG '(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))'
Does this work if you call it from the command line or do you get the
same error?
bye,
Sumit
This is what my /etc/sssd/sssd.conf looks like:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
[pam]
[domain/LDAP]
access_provider = ldap
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_access_filter = allow
ldap_schema = rfc2307
ldap_uri = ldap://myhost.mydomain.com
ldap_search_base = o=MYORG
ldap_user_search_base = ou=PEOPLE,o=MYORG
enumerate = True
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/openldap/certs
ldap_id_use_start_tls = true
ldap_default_bind_dn = cn=ldaplookup,o=services
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX
debug_level = 9
I have also tried binding anonymously, which also fails. This is what I see
in my sssd log file:
http://pastebin.com/j1XVRR65
Thanks!
--
Ben Lewis
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
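A lint pass over the posted [domain/LDAP] section, as an added example that is neither from the thread nor from the SSSD project: it flags the access_provider line that appears twice, ldap_tls_reqcert = allow (which accepts any server certificate under StartTLS, so the cn=ldaplookup password is exposed to a man-in-the-middle), the cleartext bind password, enumerate = True (the setting that makes SSSD issue whole-map searches of the kind seen in the log), and an ldap_access_filter value that is not an LDAP filter. It then runs the same checks over a hardened variant. The hardened section, the CA file path and the group named in its access filter are assumptions, not anything the thread states.

```python
"""Lint the [domain/...] section of an sssd.conf for the weak or broken
settings visible in this thread.  Added example: not SSSD code and not from
the thread's author.  Both config texts below are constructed inputs."""

from typing import Dict, List, Tuple

# The [domain/LDAP] section as posted (password already redacted in the post).
POSTED_CONF = """\
[domain/LDAP]
access_provider = ldap
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_access_filter = allow
ldap_schema = rfc2307
ldap_uri = ldap://myhost.mydomain.com
ldap_search_base = o=MYORG
ldap_user_search_base = ou=PEOPLE,o=MYORG
enumerate = True
cache_credentials = true
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/openldap/certs
ldap_id_use_start_tls = true
ldap_default_bind_dn = cn=ldaplookup,o=services
ldap_default_authtok_type = password
ldap_default_authtok = XXXXXXXX
"""

# Assumed hardened settings; the CA file and the group in the filter are placeholders.
HARDENED_CONF = """\
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_access_filter = (memberOf=cn=sshusers,ou=GROUPS,o=MYORG)
ldap_uri = ldap://myhost.mydomain.com
enumerate = False
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/certs/corp-ca.pem
ldap_default_bind_dn = cn=ldaplookup,o=services
ldap_default_authtok = XXXXXXXX
"""

Section = Dict[str, List[str]]  # key -> every value seen, in file order


def parse_sssd_conf(text: str) -> Dict[str, Section]:
    """INI reader that keeps duplicate keys instead of silently collapsing them."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].setdefault(key.strip(), []).append(value.strip())
    return sections


def lint_domain(sec: Section) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for one [domain/...] section."""
    out: List[Tuple[str, str]] = []

    def last(key: str) -> str:  # SSSD honours one value per key; look at the last one
        return sec[key][-1].lower() if key in sec else ""

    for key, vals in sec.items():
        if len(vals) > 1:
            out.append(("warn", f"{key} is set {len(vals)} times; keep a single definition"))
    tls_on = last("ldap_id_use_start_tls") == "true" or last("ldap_uri").startswith("ldaps://")
    if not tls_on:
        out.append(("crit", "no StartTLS and no ldaps:// URI: binds go over the wire in clear text"))
    elif last("ldap_tls_reqcert") in ("allow", "never"):
        out.append(("crit", f"ldap_tls_reqcert = {last('ldap_tls_reqcert')}: server certificate is "
                            "not verified, so a MITM can terminate StartTLS and read the bind "
                            "password; use demand with ldap_tls_cacert or ldap_tls_cacertdir"))
    if last("ldap_default_authtok"):
        out.append(("info", "bind password stored in clear text: sssd.conf must be root:root 0600"))
    if last("enumerate") == "true":
        out.append(("warn", "enumerate = True makes SSSD pull whole user, group and service maps "
                            "(the ipService search in the log has that shape); leave it off"))
    if last("access_provider") == "ldap" and last("ldap_access_order") in ("", "filter"):
        flt = last("ldap_access_filter")
        if "=" not in flt:
            out.append(("warn", f"ldap_access_filter = {flt!r} is not an LDAP filter; "
                                "expected something like (memberOf=cn=...,o=MYORG)"))
    return out


def lint(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Lint every [domain/...] section found in an sssd.conf text."""
    return {name: lint_domain(sec) for name, sec in parse_sssd_conf(text).items()
            if name.startswith("domain/")}


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, *[f"  {s}: {m}" for s, m in lint(conf)["domain/LDAP"]], sep="\n")
```

Run as a script it prints one critical, three warnings and one informational finding for the posted section and only the password-storage note for the hardened one. It does not replace the ldapsearch check Sumit asks for, and it cannot see file permissions, so the 0600 note on sssd.conf still has to be verified on the host.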