[Freeipa-users] SSS problems with eDirectory

Sumit Bose sbose at redhat.com
Thu Jul 22 08:19:37 UTC 2010


On Wed, Jul 21, 2010 at 03:22:29PM -0400, Scott Duckworth wrote:

...

> 
> "something bad happened" isn't very useful.  And since SSS refuses to try
> and authenticate users without an encrypted connection, I can't easily use
> wireshark and friends to debug at the protocol level.  While I could
> probably patch the source to print the actual LDAP error with
> ldap_err2string(), or maybe gdb the process and set a breakpoint when things
> go wrong to hopefully get some more useful information, this is beyond what
> I'd normally consider doing when deploying new software.  Any suggestions?

I'm currently installing eDirectory and I will try to reproduce the
behaviour you have found.

> 
> Moving on...
> 
> We will need to dereference LDAP aliases but I have not yet been able to
> find a setting to enable this.  I also have not found the equivalent of the

I have added an RFE to sssd trac
(https://fedorahosted.org/sssd/ticket/568). As a short-term fix you can
add the appropriate DEREF option to /etc/openldap/ldap.conf.

> pam_password_prohibit_message setting in /etc/ldap.conf; while not strictly
> required, it is nice to refer users to the proper way to change passwords in
> our environment.

Currently there is only a configurable message if password resets by
root fail. I have added https://fedorahosted.org/sssd/ticket/569 to
track this.

bye,
Sumit

> 
> Any help would be appreciated.  Thanks!
> 
> Scott Duckworth, Systems Programmer II
> Clemson University School of Computing
