
Re: [rhelv6-list] Openldap Problem



I'd top that by adding that I've recently implemented a solution with
the latest IPA provided in RHEL 6.3, and it's amazing. It uses 389
behind the scenes, but bundles it with Kerberos and many other useful
features, and also abstracts the SSSD configuration away by default.

See:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

Matthias

On Thu, 26 Jul 2012 09:46:53 -0400
solarflow99 <solarflow99 gmail com> wrote:

> I can just say I had much better luck with 389, I found it a clean and
> easy solution for a production system.
> 
> 
> 
> On Thu, Jul 26, 2012 at 5:18 AM, Chris <chris flamengro co za> wrote:
> > Hi.
> >
> > I am using rhel 6.3, with sssd-1.8.0 and
> > openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.
> > The problem I'm having is I get this error message in messages file.
> >
> > "sssd[be[default]]: Could not start TLS encryption. TLS error
> > -5938:Encountered end of file"
> >  Errors I saw in sssd_default.log
> >
> > When I add new users I cannot log in with the new names; an
> > ldapsearch shows them but getent passwd shows nothing.
> > Not all the users show up on my other machines, only some.
> >
> > Any help will be appreciated.
> >
> >
> > My slapd.conf file looks like this.
> >
> > include         /etc/openldap/schema/corba.schema
> > include         /etc/openldap/schema/core.schema
> > include         /etc/openldap/schema/cosine.schema
> > include         /etc/openldap/schema/duaconf.schema
> > include         /etc/openldap/schema/dyngroup.schema
> > include         /etc/openldap/schema/inetorgperson.schema
> > include         /etc/openldap/schema/java.schema
> > include         /etc/openldap/schema/misc.schema
> > include         /etc/openldap/schema/nis.schema
> > include         /etc/openldap/schema/openldap.schema
> > include         /etc/openldap/schema/ppolicy.schema
> > include         /etc/openldap/schema/collective.schema
> >
> > allow bind_v2
> >
> > pidfile         /var/run/openldap/slapd.pid
> > argsfile        /var/run/openldap/slapd.args
> >
> > database        bdb
> > suffix          "dc=flamengro,dc=com"
> > checkpoint      1024 15
> > rootdn          "cn=Manager,dc=flamengro,dc=com"
> >
> > rootpw  secret
> >
> > directory       /var/lib/ldap/flamengro
> >
> > index objectClass                       eq,pres
> > index ou,cn,mail,surname,givenname      eq,pres,sub
> > index uidNumber,gidNumber,loginShell    eq,pres
> > index uid,memberUid                     eq,pres,sub
> > index nisMapName,nisMapEntry            eq,pres,sub
> >
> > database monitor
> > access to *
> >         by dn.exact="cn=Manager,dc=flamengro,dc=com" read
> >         by * none
> > access to attrs=userPassword,shadowLastChange
> >         by anonymous auth
> >         by self write
> >         by * none
> >
> > My sssd.conf file looks like this
> >
> > [sssd]
> > config_file_version = 2
> >
> > reconnection_retries = 3
> >
> > sbus_timeout = 30
> > services = nss, pam
> >
> > domains = default
> >
> > [nss]
> > filter_groups = root
> > filter_users = root
> > reconnection_retries = 3
> >
> > [pam]
> > reconnection_retries = 3
> >
> > [domain/default]
> > auth_provider = ldap
> > cache_credentials = True
> > ldap_id_use_start_tls = True
> > debug_level = 9
> > ldap_search_base = dc=flamengro,dc=com
> > # krb5_realm = EXAMPLE.COM
> > chpass_provider = ldap
> > id_provider = ldap
> > ldap_uri = ldap://ibm-01.flamengro.co.za
> > # krb5_kdcip = kerberos.example.com
> > ldap_tls_cacertdir = /etc/openldap/cacerts
> > enumerate = True
> > ldap_sasl_canonicalize = true
> > # krb5_server = kerberos.example.com
> >
> > _______________________________________________
> > rhelv6-list mailing list
> > rhelv6-list redhat com
> > https://www.redhat.com/mailman/listinfo/rhelv6-list
> >
> 



-- 
            Matthias Saou                  ██          ██
                                             ██      ██
Web: http://matthias.saou.eu/              ██████████████
Mail/XMPP:  matthias saou eu             ████  ██████  ████
                                       ██████████████████████
GPG: 4096R/E755CC63                    ██  ██████████████  ██
     8D91 7E2E F048 9C9C 46AF          ██  ██          ██  ██
     21A9 7A51 7B82 E755 CC63                ████  ████
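
The two files quoted in the thread can be cross-checked mechanically: sssd.conf asks for StartTLS, while the quoted slapd.conf shows no TLSCertificateFile or TLSCertificateKeyFile directive and keeps rootpw in cleartext. The following is an added example, not part of any message in the thread; the embedded excerpts are constructed from the quoted settings and the function names are hypothetical.

```python
import re

# Constructed excerpts that mirror settings quoted in the thread (not the full files).
SLAPD_CONF = """\
allow bind_v2
database        bdb
rootdn          "cn=Manager,dc=flamengro,dc=com"
rootpw  secret
"""
SSSD_CONF = """\
[domain/default]
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
ldap_id_use_start_tls = True
# krb5_realm = EXAMPLE.COM
"""

def slapd_directives(text):
    """Map lowercased directive name -> list of argument strings."""
    found = {}
    for line in text.splitlines():
        # Skip blanks, comments and indented continuation lines (e.g. "by * none").
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        found.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def sssd_options(text):
    """Flatten key = value pairs across sections; enough for a single-domain file."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*)", line)  # headers and '#' lines do not match
        if m:
            opts[m.group(1).lower()] = m.group(2).strip()
    return opts

def check(slapd_text, sssd_text):
    slapd, sssd = slapd_directives(slapd_text), sssd_options(sssd_text)
    findings = []
    wants_tls = (sssd.get("ldap_id_use_start_tls", "").lower() == "true"
                 or sssd.get("ldap_uri", "").lower().startswith("ldaps://"))
    missing = [d for d in ("TLSCertificateFile", "TLSCertificateKeyFile") if d.lower() not in slapd]
    if wants_tls and missing:
        findings.append("client requires TLS but slapd.conf lacks: " + ", ".join(missing))
    for pw in slapd.get("rootpw", []):
        if not pw.startswith("{"):  # hashed values from slappasswd start with a {SCHEME} tag
            findings.append("rootpw is stored in cleartext; replace it with a slappasswd hash")
    return findings
```

Calling `check(SLAPD_CONF, SSSD_CONF)` on the constructed excerpts returns both findings; a server config that names a certificate and key and carries a hashed rootpw returns an empty list.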

