Hello, I have an OpenLDAP server with anonymous access disabled. When I check the SSSD logs, I see that it makes an anonymous query for certain attributes, resulting in the following error:
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_op_destructor] (0x2000): Operation 1 finished
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_rootdse_send] (0x4000): Getting rootdse
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 2
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_op_add] (0x2000): New operation 2 timeout 6
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: sh[0x5562b7500710], connected[1], ops[0x5562b7494520], ldap[0x5562b74feb80]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: sh[0x5562b7500710], connected[1], ops[0x5562b7494520], ldap[0x5562b74feb80]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: sh[0x5562b7500710], connected[1], ops[0x5562b7494520], ldap[0x5562b74feb80]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_result] (0x2000): Trace: sh[0x5562b7500710], connected[1], ops[0x5562b7494520], ldap[0x5562b74feb80]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_op_finished] (0x0400): Search result: Server is unwilling to perform(53), authentication required
* (2025-02-01 5:45:50): [be[LDAP]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Server is unwilling to perform(53), authentication required

If I enable anonymous access, this error does not appear. In my sssd.conf configuration, I am using binddn and password. Is there any way to disable these queries, or is it mandatory for the OpenLDAP server to allow anonymous access?

Best regards.
