Hi Sumit,


I am making progress - both # getent -s sss passwd and getent group now work.
I can also su - ldapuser and I get a shell in the correct $HOME on the ldap 
server.

But I still cannot login to the SSSD Client as an ldap user!



My /var/log/secure log last line is this:



SSSD-VM-Test sshd[2240]: Failed password for sxxxxxx from IP port 52391



...any ideas - I must be close!



Thanks

Steve..





-----Original Message-----
From: Sumit Bose [mailto:sb...@redhat.com]
Sent: 27 January 2016 08:50
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client & Server 
CentOS6.7



On Tue, Jan 26, 2016 at 03:08:19PM +0000, Murdoch, Steven wrote:

> Hi Sumit, … this is the last few lines from the sssd_nss.log (after running # getent group – which does not work). Getent passwd now works ok.
>
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_send] (0x0100): Received setgrent request
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0400): Requesting info for domain [vmlab]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41c240:2:*@vmlab]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [vmlab][4098][1][*]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41c240:2:*@vmlab]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0400): Requesting info for domain [vmlab]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0100): Domain [vmlab] has no groups, skipping.
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41c240:2:*@vmlab]
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_getgrent] (0x0100): Requesting info for all groups
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_endgrent] (0x0100): Terminating request info for all groups
> (Tue Jan 26 14:51:15 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_setgrent_send] (0x0100): Received setgrent request
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_getgrent] (0x0100): Requesting info for all groups
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_endgrent] (0x0100): Terminating request info for all groups
> (Tue Jan 26 14:51:17 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!

>

>

> …I have a feeling my groups setup is not correct !



yes, as mentioned earlier groups need the objectclass posixGroup to have a 
gidNumber attribute.



Please note that if you use the member attribute with the DNs of the members 
you have to set 'ldap_schema=rfc2307bis' (see man sssd-ldap for details).



HTH



bye,

Sumit



>

> # Platform, Users, vmlab.ari.cdk.hosting

> dn: cn=Platform,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

> cn: Platform

> objectClass: groupOfNames

> member: cn=Bob Jones,cn=Steve xxxxxx,cn=Tom xxxxxxx,cn=Max

> xxxxxxx,ou=Users ,dc=vmlab,dc=ari,dc=cdk,dc=hosting

> member: cn=Rod xxxxxt,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

> member: cn=Steve xxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

> member: cn=Tom xxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

>

> # groups, vmlab.ari.cdk.hosting

> dn: ou=groups,dc=vmlab,dc=ari,dc=cdk,dc=hosting

> objectClass: organizationalUnit

> ou: groups

> description: generic groups branch

>

> ..or is it something else?

> When I try and login via the client (SSSD VM) I get access denied.

>

> Thanks again.

>

> From: Murdoch, Steve

> Sent: 26 January 2016 13:37

> To: 'End-user discussions about the System Security Services Daemon'

> Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both

> Client & Server CentOS6.7

>

>

> Hi Sumit - The good news is - # getent passwd is now working - I can see all 
> my LDAP users:

>

>

>

> .....

> rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin

>

> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin

>

> nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

>

> mxxxxxx:*:502:502:Max xxxxxx:/home/max:

>

> txxxxxx:*:501:501:Tom xxxxxx:/home/tom:

>

> sxxxxxx:*:505:100:Steve xxxxxx:/home/sxxxxxx:

>

> Manager:*:503:503:Manager:/home/Manager:

>

> mxxxxxx:*:504:100:Mike xxxxxx:/home/mxxxxxx:

>

> bjones:*:506:100:Bob Jones:/home/bjones:

>

> admin:*:507:100:admin:/home/admin:

>

> [root@SSSD-VM-Test db]#

>

>

>

> .. the bad news is # getent group is not working and therefore (I am 
> assuming) I cannot login on the client and get authorised via SSSD to the 
> LDAP server.

>

> I have added a group - this is what I added:

>

>

>

> # groups, vmlab.ari.cdk.hosting

>

> dn: ou=groups,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> objectClass: organizationalUnit

>

> ou: groups

>

> description: generic groups branch

>

>

>

> ..is this ok - or do I need to add more lines?

>

>

>

> Many thanks for your help.

>

>

>

>

>

>

>

> -----Original Message-----

> From: Murdoch, Steve

> Sent: 26 January 2016 10:58

> To: sssd-users@lists.fedorahosted.org

> Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both

> Client & Server CentOS6.7

>

>

>

> Hi Sumit,

>

>

>

> The Primary group 100 exists on the LDAP Server and on the SSSD Client - but 
> the users only exist on the LDAP server (no users added to SSSD).

>

>

>

> Sorry, I am not clear what you mean:

>

> > you have to add the primary group with GID 100 on the LDAP server as

>

> > well

>

>

>

> Attached are the nss and domain logs on the SSSD Client as requested.

>

>

>

> Thanks

>

>

>

> -----Original Message-----

>

> From: Sumit Bose [mailto:sb...@redhat.com]

>

> Sent: 25 January 2016 17:24

>

> To: sssd-users@lists.fedorahosted.org

>

> Subject: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client

> & Server CentOS6.7

>

>

>

> On Mon, Jan 25, 2016 at 03:55:45PM +0000, Murdoch, Steven wrote:

>

> > Hi Sumit,

>

> >

>

> > I think I have managed to add in the posixAccount to a user - when I 
> > ldapsearch from the client - I get this info for this user:

>

> >

>

> >

>

> > # mxxxxxx, Users, vmlab.ari.cdk.hosting

>

> > dn: uid=mxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > cn: Mike xxxxxx

>

> > sn: xxxxxx

>

> > objectClass: inetOrgPerson

>

> > objectClass: posixAccount

>

> > userPassword:: cEBzc3cwcmQ=

>

> > uid: mxxxxxx

>

> > uidNumber: 504

>

> > gidNumber: 100

>

> > homeDirectory: /home/mxxxxxx

>

> >

>

> > ..I then tried getent passwd - but same as before I only get local users !

>

> > Is there something else that needs a tweak to allow 'getent passwd' to show 
> > the ldap users?

>

>

>

> you have to add the primary group with GID 100 on the LDAP server as well. If 
> this still does not work please attach the nss and domain logs (see 
> https://fedorahosted.org/sssd/wiki/Troubleshooting for details).

>

>

>

> bye,

>

> Sumit

>

>

>

> >

>

> > Thanks a lot.

>

> >

>

> > -----Original Message-----

>

> > From: Murdoch, Steve

>

> > Sent: 25 January 2016 14:55

>

> > To: 'End-user discussions about the System Security Services Daemon'

>

> > Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both

>

> > Client & Server CentOS6.7

>

> >

>

> > Hi Sumit,

>

> >

>

> > Thanks for your help - I am trying to ldapmodify - added these lines to 
> > mike.ldif:

>

> >

>

> > dn: uid=mxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > changetype: modify

>

> > replace: objectClass

>

> > objectClass: posixAccount

>

> > uidNumber: 504

>

> > userPassword: p@ssw0rd

>

> > cn: Mike

>

> > sn: xxxxxxx

>

> > gidNumber: 100

>

> > homeDirectory: /home/mxxxxxx

>

> >

>

> > I used only the first 4 lines - but it complained that I need a uidNumber  
> > - so I added in line 5, but then I get this:

>

> > ldapmodify: wrong attributeType at line 5, entry 
> > "uid=mxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting"

>

> >

>

> > ...what am I doing wrong?

>

> >

>

> > Thanks

>

> >

>

> > -----Original Message-----

>

> > From: Sumit Bose [mailto:sb...@redhat.com]

>

> > Sent: 25 January 2016 13:57

>

> > To: sssd-users@lists.fedorahosted.org

>

> > Subject: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both

> > Client

>

> > & Server CentOS6.7

>

> >

>

> > On Mon, Jan 25, 2016 at 01:15:46PM -0000, steven.murd...@cdk.com wrote:

>

> > >

>

> > > Hi - I am new to SSSD and LDAP, and my first posting - so please bear with me.
> > > # getent passwd only displays the local users - will not display the LDAP users and is driving me insane - ldapsearch seems to work
> > > I am using SSSD with TLS to authenticate to LDAP Server
> > > The CA.crt files were self signed certificates.
> > > I used # cacertdir_rehash to create the sym-link to the CA.crt on both Client and Server
> > > My LDAP Server hostname is 'ActDir-VM-Test'
> > > My SSSD Client hostname is 'SSSD-VM-Test'

>

> > >

>

> > > Here are my files:

>

> > >

>

> > > Server - /etc/openldap/slapd.conf:

>

> > >

>

> > > allow bind_v2
> > > allow bind_anon_dn
> > > pidfile         /var/run/openldap/slapd.pid
> > > argsfile        /var/run/openldap/slapd.args
> > > TLSCACertificatePath /etc/openldap/cacerts
> > > TLSCACertificateFile /etc/openldap/cacerts/CA.crt
> > > TLSCertificateFile /etc/openldap/cacerts/server.crt
> > > TLSCertificateKeyFile /etc/openldap/cacerts/server.key
> > > TLSCipherSuite HIGH:MEDIUM:+TLSv1
> > > TLSVerifyClient never
> > > access to dn.sub="dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > >         by anonymous read
> > >         by * read
> > > access to dn.base=""
> > >         by anonymous none
> > >         by * read
> > > database config
> > > access to *
> > >         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
> > >         by * none
> > > database monitor
> > > access to *
> > >         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
> > >         by dn.exact="cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting" read
> > >         by * none
> > > access to * by users read
> > >
> > > database        bdb
> > > suffix          "dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > > checkpoint      1024 15
> > > rootdn          "cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > > rootpw          p@ssw0rd
> > > loglevel 256
> > > sizelimit unlimited
> > > #

>

> > >

>

> > > Server - ldap.conf:

>

> > >

>

> > > TIMELIMIT 120

>

> > > ssl start_tls

>

> > >

>

> > > URI ldap://ActDir-VM-Test:389/

>

> > > BASE cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > TLS_REQCERT allow

>

> > >

>

> > > TLSCACertificatePath /etc/openldap/cacerts
> > > TLSCACertificateFile /etc/openldap/cacerts/CA.crt
> > > #

>

> > >

>

> > > Server - /etc/sysconfig/ldap:

>

> > >

>

> > > SLAPD_LDAP=yes

>

> > >

>

> > > # Run slapd with -h "... ldapi:/// ..."

>

> > > #   yes/no, default: yes

>

> > > SLAPD_LDAPI=no

>

> > >

>

> > > # Run slapd with -h "... ldaps:/// ..."

>

> > > #   yes/no, default: no

>

> > > SLAPD_LDAPS=no

>

> > > #

>

> > >

>

> > > Server - /etc/pam.d/password-auth-ac

>

> > >

>

> > > #%PAM-1.0

>

> > > # This file is auto-generated.

>

> > > # User changes will be destroyed the next time authconfig is run.

>

> > > auth        required      pam_env.so

>

> > > auth        sufficient    pam_unix.so nullok try_first_pass

>

> > > auth        requisite     pam_succeed_if.so uid >= 500 quiet

>

> > > auth        sufficient    pam_sss.so use_first_pass

>

> > > auth        required      pam_deny.so

>

> > >

>

> > > account     required      pam_unix.so broken_shadow

>

> > > account     sufficient    pam_localuser.so

>

> > > account     sufficient    pam_succeed_if.so uid < 500 quiet

>

> > > account     [default=bad success=ok user_unknown=ignore] pam_sss.so

>

> > > account     required      pam_permit.so

>

> > >

>

> > > password    requisite     pam_cracklib.so try_first_pass retry=3 type=

>

> > > password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
> > > use_authtok

>

> > > password    sufficient    pam_sss.so use_authtok

>

> > > password    required      pam_deny.so

>

> > >

>

> > > session     optional      pam_keyinit.so revoke

>

> > > session     required      pam_limits.so

>

> > > session     [success=1 default=ignore] pam_succeed_if.so service in crond 
> > > quiet use_uid

>

> > > session     required      pam_unix.so

>

> > > session     optional      pam_sss.so

>

> > > #

>

> > >

>

> > > Server: - /etc/pam.d/system-auth-ac

>

> > >

>

> > > #%PAM-1.0

>

> > > # This file is auto-generated.

>

> > > # User changes will be destroyed the next time authconfig is run.

>

> > > auth        required      pam_env.so

>

> > > auth        sufficient    pam_unix.so nullok try_first_pass

>

> > > auth        requisite     pam_succeed_if.so uid >= 500 quiet

>

> > > auth        sufficient    pam_sss.so use_first_pass

>

> > > auth        required      pam_deny.so

>

> > >

>

> > > account     required      pam_unix.so broken_shadow

>

> > > account     sufficient    pam_localuser.so

>

> > > account     sufficient    pam_succeed_if.so uid < 500 quiet

>

> > > account     [default=bad success=ok user_unknown=ignore] pam_sss.so

>

> > > account     required      pam_permit.so

>

> > >

>

> > > password    requisite     pam_cracklib.so try_first_pass retry=3 type=

>

> > > password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
> > > use_authtok

>

> > > password    sufficient    pam_sss.so use_authtok

>

> > > password    required      pam_deny.so

>

> > >

>

> > > session     optional      pam_keyinit.so revoke

>

> > > session     required      pam_limits.so

>

> > > session     [success=1 default=ignore] pam_succeed_if.so service in crond 
> > > quiet use_uid

>

> > > session     required      pam_unix.so

>

> > > session     optional      pam_sss.so

>

> > > #

>

> > >

>

> > > Server - /etc/nsswitch.conf

>

> > >

>

> > > passwd:     files sss

>

> > > shadow:     files sss

>

> > > group:      files sss

>

> > > #

>

> > >

>

> > >

>

> > >

>

> > > Client - /etc/sssd/sssd.conf:

>

> > >

>

> > > [sssd]
> > > services = nss, pam
> > > config_file_version = 2
> > > domains = vmlab
> > >
> > > authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389 --ldapbasedn=dc=vmlab,dc=ari,dc=cdk,dc=hosting --disablekrb5 --disablenis --enablerfc2307bis --enablemkhomedir --enablecachecreds --update
> > >
> > > [domain/vmlab]
> > >
> > > id_provider = ldap
> > > auth_provider = ldap
> > >
> > > # Timming
> > > entry_cache_timeout = 600
> > > ldap_network_timeout = 3
> > >
> > > ldap_uri = ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389
> > > ldap_user_search_base = dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > > ldap_tls_reqcert = demand
> > > cache_credentials = True
> > >
> > > ldap_tls_cacertdir = /etc/openldap/cacerts
> > > ldap_access_filter = memberOf=CN=Manager,OU=Users,DC=ActDir-VM-Test,DC=vmlab,DC=ari,DC=cdk, DC=hosting
> > > ldap_tls_cacert = /etc/openldap/cacerts/CA.crt
> > > ldap_tls_reqcert = demand
> > > ldap_default_bind_dn = cn=Manager,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > > ldap_default_authtok_type = password
> > > ldap_default_authtok = p@ssw0rd
> > > enumerate = true
> > >
> > > [nss]
> > > filter_users = root, sshd, named, avahi, haldaemon, dbus, radiusd, news, nscd
> > > filter_groups = root, sshd, named, avahi, haldaemon, dbus, radiusd, news, nscd
> > > reconnection_retries = 3
> > > entry_cache_timeout = 300
> > > entry_cache_nowait_percentage = 75
> > > debug_level = 6
> > >
> > > [pam]
> > > reconnection_retries = 3
> > > #

>

> > > The enumerate = True will only be enabled during testing - if I ever get 
> > > it working - then it will be removed.

>

> > >

>

> > >

>

> > > Client - /etc/openldap/ldap.conf:

>

> > >

>

> > > idle_timelimit  3600
> > > TIMELIMIT       120
> > > bind_timelimit  120
> > >
> > > SASL_NOCANON    on
> > > TLSCACertificatePath /etc/openldap/cacerts
> > > TLSCACertificateFile /etc/openldap/cacerts/CA.crt
> > >
> > > #TLS_CACERTDIR /etc/openldap/cacerts
> > > #TLS_CACERT /etc/openldap/cacerts/CA.crt
> > > #TLS_CACERT /etc/openldap/cacerts/19913717.0
> > >
> > > ssl start_tls
> > > TLS_REQCERT allow
> > > HOST ActDir-VM-Test.vmlab.ari.cdk.hosting
> > > BASE dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > > URI ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389
> > > TLS_CACERTDIR /etc/openldap/cacerts
> > > ldap_default_bind_dn cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > > ldap_default_authtok p@ssw0rd
> > > BINDDN uid=Manager,ou=Users,dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > > #

>

> > >

>

> > > Client - the PAM files password-auth-ac and the system-auth-ac files are 
> > > the same as the Server:

>

> > >

>

> > > Client - nsswitch.conf:

>

> > >

>

> > > passwd:     files sss

>

> > > shadow:     files sss

>

> > > group:      files sss

>

> > >

>

> > > uid Manager

>

> > > gid ldap

>

> > > #base CN=vmlab,OU=Users,DC=vmlab,DC=ari,DC=cdk,DC=hosting

>

> > > base DC=vmlab,DC=ari,DC=cdk,DC=hosting
> > > uri ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting

>

> > > #

>

> > >

>

> > > Client - ldapsearch:

>

> > >

>

> > > # ldapsearch -x -ZZ -H ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting -b dc=vmlab,dc=ari,dc=cdk,dc=hosting objectclass=*
> > > # extended LDIF
> > > #
> > > # LDAPv3
> > > # base <dc=vmlab,dc=ari,dc=cdk,dc=hosting> with scope subtree
> > > # filter: objectclass=*
> > > # requesting: ALL
> > > #

>

> > >

>

> > > # vmlab.ari.cdk.hosting

>

> > > dn: dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > objectClass: dcObject

>

> > > objectClass: organization

>

> > > dc: vmlab

>

> > > o: vmlab

>

> > >

>

> > > # Users, vmlab.ari.cdk.hosting

>

> > > dn: ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > objectClass: organizationalUnit

>

> > > ou: Users

>

> > >

>

> > > # Steve xxxxxxxxx, Users, vmlab.ari.cdk.hosting

>

> > > dn: cn=Steve Murdoch,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Steve  xxxxxxxx

>

> > > sn: xxxxxxxx

>

> > > objectClass: inetOrgPerson

>

> >

>

> > The inetOrgPerson objectclass is not sufficient you need to add the 
> > posixAccount objectclass to user objects and the posixGroup objects to 
> > group objects. These objectclasses are needed to e.g. provided the POSIX 
> > UIDs and GIDs.

>

> >

>

> > HTH

>

> >

>

> > bye,

>

> > Sumit

>

> > >

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: sxxxxxxxx

>

> > >

>

> > > # Bob Jones, Users, vmlab.ari.cdk.hosting

>

> > > dn: cn=Bob Jones,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Bob Jones

>

> > > sn: Jones

>

> > > objectClass: inetOrgPerson

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: bjones

>

> > >

>

> > > # Tom xxxxxxxx, Users, vmlab.ari.cdk.hosting

>

> > > dn: cn=Tom xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Tom xxxxxxxx

>

> > > sn: xxxxxxxx

>

> > > objectClass: inetOrgPerson

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: txxxxxxxx

>

> > >

>

> > > # Max xxxxxxxx, Users, vmlab.ari.cdk.hosting

>

> > > dn: cn=Max xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Max xxxxxxxx

>

> > > sn: xxxxxxxx

>

> > > objectClass: inetOrgPerson

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: mxxxxxxxx

>

> > >

>

> > > # Platform, Users, vmlab.ari.cdk.hosting

>

> > > dn: cn=Platform,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Platform

>

> > > objectClass: groupOfNames

>

> > > member: cn=Bob Jones,cn=Steve xxxxxxxx,cn=Tom xxxxxxxx,cn=Max

>

> > > xxxxxxxx,ou=Users  ,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > member: cn=Rod Stewart,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > member: cn=Steve

> > > xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > member: cn=Tom xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > >

>

> > > # mpitman, Users, vmlab.ari.cdk.hosting

>

> > > dn: uid=mxxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: Mike xxxxxxxx

>

> > > sn: xxxxxxxx

>

> > > objectClass: inetOrgPerson

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: mxxxxxx

>

> > >

>

> > > # root, Users, vmlab.ari.cdk.hosting

>

> > > dn: uid=root,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting

>

> > > cn: root

>

> > > sn: root

>

> > > objectClass: inetOrgPerson

>

> > > userPassword:: cEBzc3cwcmQ=

>

> > > uid: root

>

> > >

>

> > > # search result

>

> > > search: 3

>

> > > result: 0 Success

>

> > >

>

> > > # numResponses: 10

>

> > > #

>

> > >

>

> > >

>

> > >

>

> > > Any help much appreciated - thanks a lot.

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
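
The conditions Sumit names in this thread (group entries need objectClass posixGroup and a gidNumber, `member` DNs need `ldap_schema=rfc2307bis`, and each user's primary GID needs a group entry on the LDAP server) can be checked against an `ldapsearch` LDIF dump before debugging SSSD itself. The Python script below is an added example, not code from the thread or from the SSSD project; the `example.test` entries are constructed sample data and the function names are hypothetical.

```python
# Attribute SSSD reads group members from under each ldap_schema value.
MEMBER_ATTR = {"rfc2307": "memberuid", "rfc2307bis": "member"}

# Constructed sample in the shape of the thread's directory (not real data).
SAMPLE_LDIF = """\
dn: cn=Platform,ou=Users,dc=example,dc=test
objectClass: groupOfNames
member: cn=Bob Jones,ou=Users,dc=example,dc=test

dn: cn=users,ou=groups,dc=example,dc=test
objectClass: posixGroup
gidNumber: 100
member: uid=bjones,ou=Users,
 dc=example,dc=test

dn: uid=bjones,ou=Users,dc=example,dc=test
objectClass: posixAccount
uidNumber: 506
gidNumber: 100

dn: uid=tsmith,ou=Users,dc=example,dc=test
objectClass: posixAccount
uidNumber: 501
gidNumber: 501
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold LDIF continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():              # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.lstrip(": "))
    return entries

def check(entries, ldap_schema="rfc2307"):
    """Return (dn, reason) pairs for entries that will not resolve as expected."""
    reads = MEMBER_ATTR[ldap_schema]
    other = "member" if reads == "memberuid" else "memberuid"
    findings, group_gids = [], set()
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if not classes & {"posixgroup", "groupofnames"}:
            continue                      # not a group entry
        if "posixgroup" not in classes:
            findings.append((dn, "group lacks objectClass posixGroup"))
        elif not e.get("gidnumber"):
            findings.append((dn, "posixGroup lacks gidNumber"))
        else:
            group_gids.update(e["gidnumber"])
            if e.get(other) and not e.get(reads):
                findings.append((dn, f"members in '{other}', ldap_schema={ldap_schema} reads '{reads}'"))
    for e in entries:                     # every primary GID needs a usable group
        if "posixaccount" in {c.lower() for c in e.get("objectclass", [])}:
            dn = e.get("dn", ["<no dn>"])[0]
            for gid in e.get("gidnumber", []):
                if gid not in group_gids:
                    findings.append((dn, f"primary gidNumber {gid} has no posixGroup entry"))
    return findings

if __name__ == "__main__":
    for schema in MEMBER_ATTR:
        for dn, reason in check(parse_ldif(SAMPLE_LDIF), schema):
            print(f"[{schema}] {dn}: {reason}")
```

Base64 values (`attr:: value`) are kept encoded by this parser, which is sufficient for the objectClass, gidNumber and member checks shown.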
