Hello,
Since I can not find relevant information on web about this I would like to ask you about my current issue. Im my SSSD configuration I have two LDAP URIs, one defines as value of ldap_uri and other defined as value of ldap_backup_uri. These LDAP instances have different password and same LDAP admin DN. LDAP password for binding to the first LDAP instance is defined as value of the SSSD conf attribute: ldap_default_authtok but I can not find attribute that will store LDAP password for the second LDAP instance. Are there options for defining LDAP bind password to connect to LDAP server defined as value of ldap_backup_uri in the SSSD configuration or I must change the password of the second instance to match the one defined and used on the first LDAP instance?
Thank you in advance! BR, Hristina
Am Mon, Mar 13, 2023 at 10:34:43AM -0000 schrieb Hristina Marosevic:
Hello,
Since I can not find relevant information on web about this I would like to ask you about my current issue. Im my SSSD configuration I have two LDAP URIs, one defines as value of ldap_uri and other defined as value of ldap_backup_uri. These LDAP instances have different password and same LDAP admin DN. LDAP password for binding to the first LDAP instance is defined as value of the SSSD conf attribute: ldap_default_authtok but I can not find attribute that will store LDAP password for the second LDAP instance. Are there options for defining LDAP bind password to connect to LDAP server defined as value of ldap_backup_uri in the SSSD configuration or I must change the password of the second instance to match the one defined and used on the first LDAP instance?
Hi,
yes, the passwords for the given DN must be the same on all LDAP servers. Please note that it is not needed to use an "LDAP admin DN", a service account which can read all the default POSIX and user attributes is sufficient and should be prefrerred over an "admin" account.
HTH
bye, Sumit
Thank you in advance! BR, Hristina _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users@lists.fedorahosted.org