[rhelv6-list] Openldap Problem

Matthias Saou matthias at saou.eu
Thu Jul 26 14:42:12 UTC 2012


I'd top that by adding that I've recently implemented a solution with
the latest IPA provided in RHEL 6.3, and it's amazing. It uses 389
behind the scenes, but bundles it with Kerberos and many other useful
features, and also abstracts the SSSD configuration away by default.

See:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

Matthias

On Thu, 26 Jul 2012 09:46:53 -0400
solarflow99 <solarflow99 at gmail.com> wrote:

> I can just say I had much better luck with 389, I found it a clean and
> easy solution for a production system.
> 
> 
> 
> On Thu, Jul 26, 2012 at 5:18 AM, Chris <chris at flamengro.co.za> wrote:
> > Hi.
> >
> > I am using rhel 6.3, with sssd-1.8.0 and
> > openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.
> > The problem I'm having is I get this error message in messages file.
> >
> > "sssd[be[default]]: Could not start TLS encryption. TLS error
> > -5938:Encountered end of file"
> >  Errors I saw in sssd_default.log
> >
> > When I add new users I cannot log in with the new names, a
> > ldapsearch shows them but getent passwd nothing.
> > Not all the users show up on my other machines, only some.
> >
> > Any help will be appreciated.
> >
> >
> > My slapd.conf file looks like this.
> >
> > include         /etc/openldap/schema/corba.schema
> > include         /etc/openldap/schema/core.schema
> > include         /etc/openldap/schema/cosine.schema
> > include         /etc/openldap/schema/duaconf.schema
> > include         /etc/openldap/schema/dyngroup.schema
> > include         /etc/openldap/schema/inetorgperson.schema
> > include         /etc/openldap/schema/java.schema
> > include         /etc/openldap/schema/misc.schema
> > include         /etc/openldap/schema/nis.schema
> > include         /etc/openldap/schema/openldap.schema
> > include         /etc/openldap/schema/ppolicy.schema
> > include         /etc/openldap/schema/collective.schema
> >
> > allow bind_v2
> >
> > pidfile         /var/run/openldap/slapd.pid
> > argsfile        /var/run/openldap/slapd.args
> >
> > database        bdb
> > suffix          "dc=flamengro,dc=com"
> > checkpoint      1024 15
> > rootdn          "cn=Manager,dc=flamengro,dc=com"
> >
> > rootpw  secret
> >
> > directory       /var/lib/ldap/flamengro
> >
> > index objectClass                       eq,pres
> > index ou,cn,mail,surname,givenname      eq,pres,sub
> > index uidNumber,gidNumber,loginShell    eq,pres
> > index uid,memberUid                     eq,pres,sub
> > index nisMapName,nisMapEntry            eq,pres,sub
> >
> > database monitor
> >
> > access to *
> >         by dn.exact="cn=Manager,dc=flamengro,dc=com" read
> >         by * none
> > access to attrs=userPassword,shadowLastChange
> >         by anonymous auth
> >         by self write
> >         by * none
> >
> > My sssd.conf file looks like this
> >
> > [sssd]
> > config_file_version = 2
> >
> > reconnection_retries = 3
> >
> > sbus_timeout = 30
> > services = nss, pam
> >
> > domains = default
> >
> > [nss]
> > filter_groups = root
> > filter_users = root
> > reconnection_retries = 3
> >
> > [pam]
> > reconnection_retries = 3
> >
> > [domain/default]
> > auth_provider = ldap
> > cache_credentials = True
> > ldap_id_use_start_tls = True
> > debug_level = 9
> > ldap_search_base = dc=flamengro,dc=com
> > # krb5_realm = EXAMPLE.COM
> > chpass_provider = ldap
> > id_provider = ldap
> > ldap_uri = ldap://ibm-01.flamengro.co.za
> > # krb5_kdcip = kerberos.example.com
> > ldap_tls_cacertdir = /etc/openldap/cacerts
> > enumerate = True
> > ldap_sasl_canonicalize = true
> > # krb5_server = kerberos.example.com
> >
> > _______________________________________________
> > rhelv6-list mailing list
> > rhelv6-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhelv6-list
> >
> 



-- 
Matthias Saou
Web: http://matthias.saou.eu/
Mail/XMPP: matthias at saou.eu
GPG: 4096R/E755CC63
     8D91 7E2E F048 9C9C 46AF
     21A9 7A51 7B82 E755 CC63



