[rhelv6-list] Openldap Problem

Chris chris at flamengro.co.za
Thu Jul 26 09:18:06 UTC 2012


Hi.

I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the
kernel is 2.6.32-279.2.1.el6.x86_64.
The problem I'm having is that I get this error message in the messages file:

"sssd[be[default]]: Could not start TLS encryption. TLS error
-5938:Encountered end of file"
 Errors I saw in sssd_default.log

When I add new users I cannot log in with the new names; an ldapsearch
shows them, but getent passwd shows nothing.
Not all of the users show up on my other machines, only some.

Any help will be appreciated.


My slapd.conf file looks like this.

# slapd.conf as pasted into the message.
# NOTE(review): the "/" in front of the first include and the "/" after the
# final "none" look like italics markers left by the archive's HTML-to-text
# conversion, not configuration content -- confirm against the real file.
#
# Schema definitions loaded at startup.
/include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

# Accepts LDAPv2 bind requests. This is a legacy protocol version; drop the
# line unless a client that still needs it has been identified.
allow bind_v2

# NOTE(review): no TLSCACertificateFile / TLSCACertificatePath /
# TLSCertificateFile / TLSCertificateKeyFile directives appear anywhere in this
# listing. The sssd.conf in the same message sets ldap_id_use_start_tls = True,
# so the client asks for StartTLS; a server with no certificate configured
# cannot complete that handshake, which would be consistent with the reported
# "Could not start TLS encryption" error. The listing may be abbreviated --
# confirm against the real file.
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Main directory database (Berkeley DB backend) holding dc=flamengro,dc=com.
# checkpoint arguments are <kbytes written> <minutes>.
database        bdb
suffix          "dc=flamengro,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=flamengro,dc=com"

# The rootdn password is stored here in cleartext. Prefer a hashed value
# generated with slappasswd (for example an {SSHA} hash) and keep this file
# readable only by the slapd service account. If "secret" is the real value
# rather than a placeholder, it has been published with this message and
# should be changed.
rootpw  secret

directory       /var/lib/ldap/flamengro

# Attribute indexes: eq = equality, pres = presence, sub = substring.
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# NOTE(review): "database monitoraccess to *" looks like two directives
# ("database monitor" and "access to *") joined on one line when the file was
# pasted -- confirm. Read as two lines, the rule lets only the rootdn read the
# monitor database.
database monitoraccess to *
        by dn.exact="cn=Manager,dc=flamengro,dc=com" read
        by * none
# NOTE(review): this rule follows the monitor database declaration, so as
# posted it would belong to that database rather than to the bdb database
# above. If the real file is ordered the same way, the bdb database has no
# explicit ACL for userPassword and slapd's default access policy applies to
# it -- verify that password hashes are not readable by anonymous binds.
access to attrs=userPassword,shadowLastChange
        by anonymous auth
        by self write
        by * none/

My sssd.conf file looks like this:
# sssd.conf as posted, with the keys grouped by purpose.

[sssd]
config_file_version = 2
# Responders to start and the domain sections to load.
services = nss, pam
domains = default
reconnection_retries = 3
sbus_timeout = 30

[nss]
# root is excluded from SSSD lookups, so it is not served from the directory.
filter_users = root
filter_groups = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
# LDAP backs identity lookups, authentication and password changes.
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

# Server and search base.
ldap_uri = ldap://ibm-01.flamengro.co.za
ldap_search_base = dc=flamengro,dc=com
ldap_sasl_canonicalize = true

# The ldap:// URI connects without encryption; ldap_id_use_start_tls makes
# SSSD upgrade the identity connection with StartTLS, so the server must
# present a certificate that chains to a CA found in ldap_tls_cacertdir.
# The directory typically needs hash-named links to each CA file
# (cacertdir_rehash on RHEL). When troubleshooting a StartTLS failure, fix the
# server certificate or the CA directory rather than relaxing
# ldap_tls_reqcert.
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts

# Keeps a hash of each user's password in the local cache so that logins
# still work while the server is unreachable.
cache_credentials = True
# Fetches the complete user and group lists; costly on large directories.
enumerate = True
# Very verbose logging, useful while troubleshooting; lower it afterwards.
debug_level = 9

# Kerberos options left disabled by the author.
# krb5_realm = EXAMPLE.COM
# krb5_kdcip = kerberos.example.com
# krb5_server = kerberos.example.com


