Fedora 14: GDM, sssd and LDAP authentication

Stephen Gallagher sgallagh at redhat.com
Thu Nov 11 12:11:22 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/10/2010 03:08 PM, Rick Stevens wrote:
> On 11/10/2010 11:14 AM, Stephen Gallagher wrote:
> On 11/10/2010 10:18 AM, Bernd Nies wrote:
>>>>
>>>>
>>>>
>>>> Hi Stephen,
>>>>
>>>> Here's the log output of the various sssd logfiles.
> ...
>>>> (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind
>>>> result: Invalid credentials(49), (null)
> 
> 
> This message says that the credentials presented by the client are being
> denied by the server. Usually, this means that you mistyped the password.
> 
>> Actually, that means that the client isn't binding to the LDAP server.
>> Anonymous simple binds were disabled by default a while ago with LDAP
>> V3.
> 
>> Check the slapd.conf for the LDAP server.  To permit classic anonymous
>> simple binds, you MUST have
> 
>> 	allow bind_v2 bind_anon_cred bind_anon_dn
> 
>> in it or anonymous simple binds won't be allowed.
> 
> 
> I find it hard to believe that it's working on any other login
> mechanism, but not for GDM.
> 

I probably should have left a larger amount of that log visible. That
wasn't an anonymous bind. It was an authenticated bind to log the user in.


(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_send] (4):
Executing simple bind as: uid=bernd,ou=people,dc=example,dc=com
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_send] (8): ldap
simple bind sent, msgid = 2
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8):
Trace: sh[0x984d088], connected[1], ops[0x97db8b0], ldap[0x99689f0]
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8):
Trace: ldap_result found nothing!
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8):
Trace: sh[0x984d088], connected[1], ops[0x97db8b0], ldap[0x99689f0]
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (5):
Server returned no controls.
(Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind
result: Invalid credentials(49), (null)

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzb3WoACgkQeiVVYja6o6O8YwCfQYcGNG4/7i/7nBttQ1XxkOP6
ymMAn2I65exJSOcvXfLSPHubOEZ8bTvS
=oeOS
-----END PGP SIGNATURE-----


More information about the users mailing list