sssd and ldap config
Michael Cronenworth
mike at cchtml.com
Wed Jun 9 16:58:29 UTC 2010
Stephen Gallagher wrote:
> Michael, please post your [sanitized] sssd.conf somewhere. Right now, my
> best guess would be that you are using LDAPS or LDAP+TLS and are having
> a certificate error.
Yes, I don't have a CA cert, so it will not pass a cert test. I have
"tls_checkpeer no" in my /etc/ldap.conf. Is there something similar for
sssd? I could not find it in the man pages.
[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_search_base = dc=domain,dc=com
krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_id_use_start_tls = True
debug_level = 0
min_id = 1000
ldap_uri = ldap://intranet.domain.com/
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
>
> My second-best guess is that your users' UID or primary GID is < 1000,
> which is ignored by SSSD by default. (We've decided upstream that we're
> going to change this default to 1, as so many people have hit it).
I do have a few > 500 and < 1000 users, but I tested against UIDs of >
1000 and getent failed for them as well.
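
An added example, not part of the original post and not SSSD's own code: a small Python check over a [domain/NAME] section for the two causes discussed in this thread, relaxed certificate verification and UIDs below min_id. It assumes the sssd-ldap(5) option ldap_tls_reqcert (default "hard") controls server certificate checking; the function name audit_domain and the sample text are constructed for illustration.

```python
import configparser

# Constructed sample: the [domain/default] section from the post, trimmed.
SAMPLE = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://intranet.domain.com/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
min_id = 1000
"""

# ldap_tls_reqcert values that let a session continue with a bad certificate.
WEAK_REQCERT = {"never", "allow", "try"}


def audit_domain(conf_text, domain="default", test_uids=()):
    """Return a list of findings for one [domain/NAME] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    findings = []

    # Plain ldap:// is only protected when StartTLS is requested.
    uris = [u.strip() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
    starttls = sec.get("ldap_id_use_start_tls", "false").lower() == "true"
    for uri in uris:
        if uri.lower().startswith("ldap://") and not starttls:
            findings.append("cleartext: %s without StartTLS" % uri)

    # Assumption: an absent ldap_tls_reqcert means "hard" (sssd-ldap(5)).
    reqcert = sec.get("ldap_tls_reqcert", "hard").lower()
    if reqcert in WEAK_REQCERT:
        findings.append("weak-tls: ldap_tls_reqcert = %s" % reqcert)

    # Only an explicitly configured min_id is checked here.
    if "min_id" in sec:
        min_id = sec.getint("min_id")
        for uid in test_uids:
            if uid < min_id:
                findings.append("filtered: uid %d < min_id %d" % (uid, min_id))
    return findings
```

A clean result for the TLS checks does not mean the server certificate will verify; the CA that signed it still has to be present in the directory named by ldap_tls_cacertdir.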