On Tue, Apr 23, 2013 at 10:00 AM, Stephen Gallagher <sgall...@redhat.com> wrote:
>
> On Tue 23 Apr 2013 12:55:19 PM EDT, Brandon Foster wrote:
>> hey all, I'm new to sssd and ldap so be gentle =)
>>
>> I've followed some guides on how to set up sssd ldap client
>> authentication on Centos 6.3 but mine doesn't seem to be working
>> here is my sssd.conf
>>
>> -----
>> [sssd]
>> config_file_version = 2
>> services = nss, pam
>> domains = default
>>
>> [nss]
>> filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
>>
>> [pam]
>>
>> [domain/default]
>> auth_provider = ldap
>> debug_level = 9
>> enumerate = True
>> cache_credentials = True
>> chpass_provider = ldap
>> entry_cache_timeout = 600
>> krb5_realm = EXAMPLE.COM
>> krb5_server = kerberos.example.com
>> ldap_chpass_uri = ldaps://xx.xx.xx.xx:<PORT>/
>> ldap_force_upper_case_realm = True
>> id_provider = ldap
>> ldap_group_member = uniquemember
>> ldap_group_object_class = group
>> ldap_id_use_start_tls = False
>> ldap_pwd_policy = none
>> ldap_search_base = ou=organizationunit3,ou=organizationunit2,ou=organizationunit1,o=example
>> ldap_schema = rfc2307bis
>> ldap_tls_cacertdir = /etc/openldap/cacerts
>> ldap_tls_reqcert = never
>> ldap_uri = ldaps://xx.xx.xx.xx:<PORT>/
>> ldap_user_gecos = displayName
>> ldap_user_home_directory = unixHomeDirectory
>> ldap_user_name = cn
>> ldap_user_object_class = user
>> ------
>>
>> ldapsearch -z 'cn=username' comes back with all the information
>> about the user
>>
>> but id username takes a really long time and then returns no such
>> user.
>>
>> here is a piece of the log:
>>
>> ...
>> (Tue Apr 23 12:51:29 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
>> (Tue Apr 23 12:51:29 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
>> (Tue Apr 23 12:51:29 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
>> ---------------------------------------------------------------------------
>>
>> To me it looks like it's searching but not finding for some reason
>>
>> any help would be much appreciated.
>>
>
>
> You truncated the log too early. It is only showing the connection to
> the LDAP server (and the determination of server capabilities). Please
> include the actual user search that should follow that.
>
> I'm guessing your user might be missing something important, like
> uidNumber or gidNumber (or it's stored in a non-standard attribute name).
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users

hey thanks for the quick reply.

that is the end of the log after the user search has finished. the next
line after that is:


-------------------
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [fo_context_init] (0x0400): Created new fail over context, retry timeout is 30
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [sysdb_domain_init_internal] (0x0200): DB File for default: /var/lib/sss/db/cache_default.ldb
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x10e98c0
(Tue Apr 23 12:52:29 2013) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x10ff4d0
....
---------------
which is the same as the very beginning of the log.

the start of the user search is in there near the end, but that is
where the log ends when taken after the id search has failed.
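Stephen's hint about a user entry missing uidNumber or gidNumber can be checked offline against an ldapsearch export before touching sssd again. The Python below is an added example, not code from this thread or from SSSD itself: it parses a constructed LDIF entry and reports which of the attribute names the posted sssd.conf maps to (cn, unixHomeDirectory, plus SSSD's rfc2307bis defaults uidNumber and gidNumber for the unset ldap_user_uid_number and ldap_user_gid_number options) are absent from the entry.

```python
# Added example: check an LDIF-exported user entry against the attribute
# mapping implied by the sssd.conf posted in the thread.

# Option -> attribute. The first and last come from the posted config; the
# uidNumber/gidNumber pair are SSSD's defaults for the options left unset.
REQUIRED = {
    "ldap_user_name": "cn",
    "ldap_user_uid_number": "uidNumber",
    "ldap_user_gid_number": "gidNumber",
    "ldap_user_home_directory": "unixHomeDirectory",
}
OBJECT_CLASS = "user"  # ldap_user_object_class from the posted config


def parse_ldif(text):
    """Parse one LDIF entry into {attribute_lowercased: [values]}.
    Folded continuation lines (leading space) are joined; '::' base64
    values are kept encoded, which is enough for a presence check."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            unfolded.append(raw)
    entry = {}
    for line in unfolded:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": "))
    return entry


def missing_for_sssd(entry):
    """Return the sssd options whose mapped attribute is absent from the
    entry, preceded by an objectClass mismatch if the entry would not even
    match the configured user filter."""
    problems = []
    classes = [v.lower() for v in entry.get("objectclass", [])]
    if OBJECT_CLASS.lower() not in classes:
        problems.append(f"objectClass {OBJECT_CLASS} not present")
    for option, attr in REQUIRED.items():
        if attr.lower() not in entry:
            problems.append(f"{option} -> {attr}")
    return problems


# Constructed sample entry (not from the thread): it has a cn and home
# directory but no POSIX id numbers, so `id` on the client cannot resolve it.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=organizationunit3,ou=organizationunit2,ou=organizationunit1,o=example
objectClass: top
objectClass: user
cn: jdoe
displayName: John Doe
unixHomeDirectory: /home/jdoe
"""

if __name__ == "__main__":
    for problem in missing_for_sssd(parse_ldif(SAMPLE_LDIF)):
        print("missing:", problem)
```

Feed it the output of the ldapsearch that "comes back with all the information about the user" to see which mapped attribute the entry lacks.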
