Re: [SSSD-users] issue binding to LDAP using SSSD

Hey All This is my first attempt at getting sssd working. A little background. I have a RHEL 6 server that is located on a secure DMZ like subnet, there is an ldap server running on the network which I would like to authenticate my server to. I have followed several guides (sssd fedora guide, official red hat guide and several others), but just can't seem to get the binding to work. I have tested binding with the ldapsearch commands and that seems to work, however SSSD continues to have issues. I am binding on 389 with TLS. I can successfully bind and see all the users and other attributes with the following ldapsearch command:

$ldapsearch -x -ZZ -H ldap://myhost.mydomain.com -b o=MYORG This is what my /etc/sssd/sssd.conf looks like: [sssd] config_file_version = 2 services = nss, pam domains = LDAP [nss] filter_groups = root filter_users = root reconnection_retries = 3 entry_cache_timeout = 300 [pam] [domain/LDAP] access_provider = ldap id_provider = ldap auth_provider = ldap chpass_provider = ldap access_provider = ldap ldap_access_filter = allow ldap_schema = rfc2307 ldap_uri = ldap://myhost.mydomain.com ldap_search_base = o=MYORG ldap_user_search_base = ou=PEOPLE,o=MYORG enumerate = True cache_credentials = true ldap_tls_reqcert = allow ldap_tls_cacertdir = /etc/openldap/certs ldap_id_use_start_tls = true ldap_default_bind_dn = cn=ldaplookup,o=services ldap_default_authtok_type = password ldap_default_authtok = XXXXXXXX debug_level = 9 I have also tried binding anonymous, which also fails. This is what I see in my sssd log file: http://pastebin.com/j1XVRR65 Thanks! -- Ben Lewis

_______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users