On Wed, Jul 21, 2010 at 03:22:29PM -0400, Scott Duckworth wrote:
> "something bad happened" isn't very useful. And since SSS refuses to try
> and authenticate users without an encrypted connection, I can't easily use
> wireshark and friends to debug at the protocol level. While I could
> probably patch the source to print the actual LDAP error with
> ldap_err2string(), or maybe gdb the process and set a breakpoint when things
> go wrong to hopefully get some more useful information, this is beyond what
> I'd normally consider doing when deploying new software. Any suggestions?
I'm currently installing eDirectory and I will try to reproduce the
behaviour you have found.
> Moving on...
> We will need to dereference LDAP aliases but I have not yet been able to
> find a setting to enable this. I also have not found the equivalent of the
I have added a RFE to sssd trac
(https://fedorahosted.org/sssd/ticket/568). As a sort term fix you can
add the appropriate DEREF option to /etc/openldap/ldap.conf.
> pam_password_prohibit_message setting in /etc/ldap.conf; while not strictly
> required, it is nice to refer users to the proper way to change passwords in
> our environment.
Currently there is only a configurable message if password resets by
root fail. I have added https://fedorahosted.org/sssd/ticket/569 to
> Any help would be appreciated. Thanks!
> Scott Duckworth, Systems Programmer II
> Clemson University School of Computing
> Freeipa-users mailing list
Freeipa-users mailing list