On Wed, Jul 21, 2010 at 03:22:29PM -0400, Scott Duckworth wrote:

...

> 
> "something bad happened" isn't very useful.  And since SSS refuses to try
> and authenticate users without an encrypted connection, I can't easily use
> wireshark and friends to debug at the protocol level.  While I could
> probably patch the source to print the actual LDAP error with
> ldap_err2string(), or maybe gdb the process and set a breakpoint when things
> go wrong to hopefully get some more useful information, this is beyond what
> I'd normally consider doing when deploying new software.  Any suggestions?

I'm currently installing eDirectory and I will try to reproduce the
behaviour you have found.

> 
> Moving on...
> 
> We will need to dereference LDAP aliases but I have not yet been able to
> find a setting to enable this.  I also have not found the equivalent of the

I have added a RFE to sssd trac
(https://fedorahosted.org/sssd/ticket/568). As a sort term fix you can
add the appropriate DEREF option to /etc/openldap/ldap.conf.

> pam_password_prohibit_message setting in /etc/ldap.conf; while not strictly
> required, it is nice to refer users to the proper way to change passwords in
> our environment.

Currently there is only a configurable message if password resets by
root fail. I have added https://fedorahosted.org/sssd/ticket/569 to
track this.

bye,
Sumit

> 
> Any help would be appreciated.  Thanks!
> 
> Scott Duckworth, Systems Programmer II
> Clemson University School of Computing

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to