[SSSD-users] Issue with SSSD connectivity to OpenLDAP

Thu, 16 Jul 2015 12:13:35 -0700 

 

Hi, 

I'm working on setting a LDAP proxy (with OpenLDAP) to ActiveDirectory.
And testing the proxy with SSSD gives me strange results I don't
understand. When someone is trying to connect to a Linuxbox on which
SSSD is looking after the LDAP-Proxy, it fails because of a bad filter
thing (which is OK, as you'll see in the logs). The logs from SSSD
shows: 

(Thu Jul 16 14:51:00 2015) [sssd[be[DOMAIN]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uid=christian.tardif1)(objectclass=user)(uid=*)((null)=*))][ou=users,ou=outhing,dc=domain,dc=int].
(Thu Jul 16 14:51:00 2015) [sssd[be[LABNHS]]]
[sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search
filter 

Look at that (null)=* thing. Where does that comes from ? My sssd.conf
looks like: 

[domain/DOMAIN]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = simple
ldap_uri = ldap://172.22.211.114/
ldap_search_base = ou=outhing,dc=domain,dc=int
#ldap_default_bind_dn = cn=ldap
binduser,ou=others,ou=users,ou=outhing,dc=domain,dc=int
#ldap_default_authtok = B1ndPassw0rd!
ldap_default_bind_dn = cn=Manager,dc=domain,dc=int
ldaP_default_authtok = *********
ldap_default_authtok_type = password
ldap_user_name = uid
ldap_user_object_class = user
ldap_user_search_base = ou=users,ou=outhing,dc=domain,dc=int
ldap_user_extra_attrs = mail
ldap_group_object_class = group
ldap_group_search_base = ou=groups,ou=outhing,dc=domain,dc=int
ldap_id_mapping = true
ldap_schema = rfc2307bis
ldap_tls_reqcert = never
ldap_id_use_start_tls = false
ldap_network_timeout = 6
override_gid = 100
enumerate = true
cache_credentials = true
cache_sensitive = false
entry_cache_timeout = 300
debug_level = 6 

[sssd]
services = nss, pam
config_file_version = 2
domains = DOMAIN 

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
override_homedir = /home/%u
default_shell = /bin/bash 

[pam] 

[sudo] 

[autofs] 

[ssh] 

Is something wrong in my config to create this (null)=* thing ? 
-- 

CHRISTIAN TARDIF 
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Reply via email to