[rhelv6-list] Openldap Problem

solarflow99 solarflow99 at gmail.com
Thu Jul 26 13:46:53 UTC 2012


I can just say I had much better luck with 389, I found it a clean and
easy solution for a production system.



On Thu, Jul 26, 2012 at 5:18 AM, Chris <chris at flamengro.co.za> wrote:
> Hi.
>
> I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the
> kernel is 2.6.32-279.2.1.el6.x86_64.
> The problem I'm having is I get this error message in messages file.
>
> "sssd[be[default]]: Could not start TLS encryption. TLS error
> -5938:Encountered end of file"
>  Errors I saw in sssd_default.log
>
> When I add new users I cannot log in with the new names, an ldapsearch shows
> them but getent passwd nothing.
> Not all the users show up on my other machines, only some.
>
> Any help will be appreciated.
>
>
> My slapd.conf file looks like this.
>
> include         /etc/openldap/schema/corba.schema
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/duaconf.schema
> include         /etc/openldap/schema/dyngroup.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/java.schema
> include         /etc/openldap/schema/misc.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/openldap.schema
> include         /etc/openldap/schema/ppolicy.schema
> include         /etc/openldap/schema/collective.schema
>
> allow bind_v2
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
>
> database        bdb
> suffix          "dc=flamengro,dc=com"
> checkpoint      1024 15
> rootdn          "cn=Manager,dc=flamengro,dc=com"
>
> rootpw  secret
>
> directory       /var/lib/ldap/flamengro
>
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
>
> database monitor
> access to *
>         by dn.exact="cn=Manager,dc=flamengro,dc=com" read
>         by * none
> access to attrs=userPassword,shadowLastChange
>         by anonymous auth
>         by self write
>         by * none
>
> My sssd.conf file looks like this
>
> [sssd]
> config_file_version = 2
>
> reconnection_retries = 3
>
> sbus_timeout = 30
> services = nss, pam
>
> domains = default
>
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
>
> [pam]
> reconnection_retries = 3
>
> [domain/default]
> auth_provider = ldap
> cache_credentials = True
> ldap_id_use_start_tls = True
> debug_level = 9
> ldap_search_base = dc=flamengro,dc=com
> # krb5_realm = EXAMPLE.COM
> chpass_provider = ldap
> id_provider = ldap
> ldap_uri = ldap://ibm-01.flamengro.co.za
> # krb5_kdcip = kerberos.example.com
> ldap_tls_cacertdir = /etc/openldap/cacerts
> enumerate = True
> ldap_sasl_canonicalize = true
> # krb5_server = kerberos.example.com
>
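
An added example, not part of the original thread: a Python check over the two files quoted above. It flags an sssd domain that requires StartTLS when slapd.conf sets no server certificate, and also flags a cleartext `rootpw` and `allow bind_v2`. The embedded configs are abridged from the post, the function names are hypothetical, and it assumes slapd actually reads this slapd.conf.

```python
import configparser
import re

# Constructed input: abridged from the two files quoted in the message above.
SLAPD_CONF = """\
allow bind_v2
database        bdb
suffix          "dc=flamengro,dc=com"
rootdn          "cn=Manager,dc=flamengro,dc=com"
rootpw  secret
"""
SSSD_CONF = """\
[domain/default]
id_provider = ldap
ldap_id_use_start_tls = True
ldap_uri = ldap://ibm-01.flamengro.co.za
ldap_tls_cacertdir = /etc/openldap/cacerts
"""

def slapd_directives(text):
    """Map each lowercased directive to its argument strings.
    Comments, blank lines and indented continuation lines are skipped."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "# \t":
            continue
        parts = line.split(None, 1)
        found.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def audit(slapd_text, sssd_text):
    """Return findings for a client/server TLS mismatch and weak slapd settings."""
    findings = []
    slapd = slapd_directives(slapd_text)
    sssd = configparser.ConfigParser(interpolation=None)
    sssd.read_string(sssd_text)
    for name in sssd.sections():
        if not name.startswith("domain/"):
            continue
        dom = sssd[name]
        wants_tls = (dom.getboolean("ldap_id_use_start_tls", fallback=False)
                     or "ldaps://" in dom.get("ldap_uri", ""))
        if wants_tls and "tlscertificatefile" not in slapd:
            findings.append(f"{name}: client requires TLS but slapd.conf sets no TLSCertificateFile")
    if any(not re.match(r"\{[\w-]+\}", pw) for pw in slapd.get("rootpw", [])):
        findings.append("rootpw is cleartext; store a slappasswd hash such as {SSHA}...")
    if any("bind_v2" in args.split() for args in slapd.get("allow", [])):
        findings.append("allow bind_v2 accepts LDAPv2 binds; drop it unless a client needs it")
    return findings

if __name__ == "__main__":
    for finding in audit(SLAPD_CONF, SSSD_CONF):
        print(finding)
```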



