[rhelv6-list] Openldap Problem
Chris
chris at flamengro.co.za
Thu Jul 26 09:18:06 UTC 2012
Hi.
I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the
kernel is 2.6.32-279.2.1.el6.x86_64.
The problem I'm having is that I get this error message in the messages file.
"sssd[be[default]]: Could not start TLS encryption. TLS error
-5938:Encountered end of file"
Errors I saw in sssd_default.log
When I add new users I cannot log in with the new names; an ldapsearch
shows them, but getent passwd shows nothing.
Not all the users show up on my other machines, only some.
Any help will be appreciated.
My slapd.conf file looks like this.
# slapd.conf as pasted into the post.
# NOTE(review): the '/' before the first 'include' and after the final 'none'
# look like italic markers left by the list archive, not file content. The
# missing indentation on the 'by' continuation lines is presumably the same
# kind of artefact. Confirm against the real file.

# Schema definitions loaded by slapd.
/include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Accepts LDAPv2 bind requests; only needed if a legacy client still speaks v2.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# NOTE(review): no TLSCACertificateFile / TLSCertificateFile /
# TLSCertificateKeyFile directives appear anywhere in this listing. If the real
# file has none either, slapd has no certificate to present and a client
# StartTLS request (sssd.conf sets ldap_id_use_start_tls = True) cannot
# complete, which would be consistent with the "Could not start TLS encryption"
# message. Verify the server-side TLS setup first.

# Primary directory database (Berkeley DB backend) serving the suffix below.
database bdb
suffix "dc=flamengro,dc=com"
# Checkpoint the BDB transaction log after 1024 KB written or 15 minutes.
checkpoint 1024 15
rootdn "cn=Manager,dc=flamengro,dc=com"
# Cleartext rootpw: the rootdn is not subject to access rules, so anyone who can
# read this file holds full control of the database. Store a hash generated
# with slappasswd instead and keep the file readable only by the slapd account.
# If 'secret' is the real value rather than a redaction, change it now that it
# has been published.
rootpw secret
directory /var/lib/ldap/flamengro
# Attribute indexes (eq = equality, pres = presence, sub = substring).
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# NOTE(review): 'database monitor' and 'access to *' are fused onto one line,
# presumably by the archive. Read as two lines, this starts the monitor
# database, and the access rules that follow attach to it rather than to the
# bdb database above. If the real file has the same ordering, the bdb database
# carries no access rules of its own and slapd's built-in default (read access
# for everyone) would apply to it, userPassword included. Verify.
database monitoraccess to *
by dn.exact="cn=Manager,dc=flamengro,dc=com" read
by * none
# Intended to let clients bind against userPassword, let users change their own
# password, and hide both attributes from everyone else.
# NOTE(review): placed here it follows an 'access to *' rule in the same
# database, which already matches every entry, so this rule looks unreachable.
# To protect user entries it would need to appear before 'database monitor'
# (inside the bdb database or in the global section). Confirm.
access to attrs=userPassword,shadowLastChange
by anonymous auth
by self write
by * none/
My sssd.conf file looks like this
/
# sssd.conf as pasted into the post.

# Monitor section: which responders and which domains SSSD starts.
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
# NSS responder. root is filtered out so it is never resolved through SSSD.
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
# PAM responder.
[pam]
reconnection_retries = 3
# The single domain: identity, authentication and password change all use LDAP.
[domain/default]
# SSSD's LDAP auth provider only authenticates over an encrypted connection
# (StartTLS or ldaps://), so logins depend on the TLS handshake succeeding.
auth_provider = ldap
# Keeps a hash of each user's credentials in the local cache for offline login.
cache_credentials = True
# Identity lookups are protected with StartTLS as well.
# NOTE(review): if StartTLS fails, the backend presumably goes offline and only
# entries already in the cache are served. That would match new users being
# visible to ldapsearch but missing from getent. Confirm in sssd_default.log.
ldap_id_use_start_tls = True
# Very verbose troubleshooting output; lower it once the problem is found and
# review the log contents before sharing them.
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
# Plain ldap:// URI; encryption comes from the StartTLS upgrade requested above.
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
# Directory of CA certificates used to verify the server certificate. It has to
# hold the CA that signed the LDAP server's certificate, with hash-named links
# (on RHEL, cacertdir_rehash creates them).
# ldap_tls_reqcert is not set in this listing, so SSSD's default of full
# certificate verification applies; relaxing it to silence the TLS error would
# remove the protection StartTLS is meant to give.
ldap_tls_cacertdir = /etc/openldap/cacerts
# Lets 'getent passwd' list directory users by enumerating them into the cache.
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com
/