At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= <[email protected]> wrote:
> > Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) > schrieb Robert Heller <[email protected]>: > [...] > > > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask: [1] > > mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com > > slapd[17535]: =3D> slap_access_allowed: search access granted by > > write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: > > =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 > > 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11 SEARCH > > RESULT tag=3D101 err=3D0 nentries=3D0 text=3D > [...] > > You should find out why operation 11 results in 0 entries. Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line: [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user I don't know what is going on here. Also: there is a "TLS negotiation failure" failure. I have not even enabled TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it disabled everywhere. I want to test things without messing with creating a SSL Cert (none of this is anything close to a public facing production environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf -- is there some other option I need to set? Is there any change that selinux is having any effect? Selinux can be pesky at times. > > -Dieter > > --=20 > Dieter Kl=C3=BCnter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53=C2=B037'09,95"N > 10=C2=B008'02,42"E > > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services [email protected] -- Webhosting Services
