On Wed, Jul 21, 2010 at 03:22:29PM -0400, Scott Duckworth wrote: ...
> > "something bad happened" isn't very useful. And since SSS refuses to try > and authenticate users without an encrypted connection, I can't easily use > wireshark and friends to debug at the protocol level. While I could > probably patch the source to print the actual LDAP error with > ldap_err2string(), or maybe gdb the process and set a breakpoint when things > go wrong to hopefully get some more useful information, this is beyond what > I'd normally consider doing when deploying new software. Any suggestions? I'm currently installing eDirectory and I will try to reproduce the behaviour you have found. > > Moving on... > > We will need to dereference LDAP aliases but I have not yet been able to > find a setting to enable this. I also have not found the equivalent of the I have added a RFE to sssd trac (https://fedorahosted.org/sssd/ticket/568). As a sort term fix you can add the appropriate DEREF option to /etc/openldap/ldap.conf. > pam_password_prohibit_message setting in /etc/ldap.conf; while not strictly > required, it is nice to refer users to the proper way to change passwords in > our environment. Currently there is only a configurable message if password resets by root fail. I have added https://fedorahosted.org/sssd/ticket/569 to track this. bye, Sumit > > Any help would be appreciated. Thanks! > > Scott Duckworth, Systems Programmer II > Clemson University School of Computing > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
