At Fri, 22 Sep 2017 16:34:44 +0200 [email protected] wrote:

>
> On 22.09.2017 at 15:45, Robert Heller wrote:
> > At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter
> > <[email protected]> wrote:
> >
> >>
> >> On Thu, 21 Sep 2017 10:01:48 -0400 (EDT),
> >> Robert Heller <[email protected]> wrote:
> >> [...]
> >>
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
> >> [...]
> >>
> >> You should find out why operation 11 results in 0 entries.
> >
> > Operation 11 *seems* to be fetching the uid, using self, which has write
> > access, which implies read access, which seems to work just fine, using
> > ldapsearch from the command line:
> >
> > [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
> > Enter LDAP Password:
> > dn: uid=test2user,ou=People,dc=deepsoft,dc=com
> > uid: test2user
> >
> > I don't know what is going on here.
> >
> > Also: there is a "TLS negotiation failure" failure. I have not even enabled
> > TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
> > disabled everywhere. I want to test things without messing with creating a SSL
> > Cert (none of this is anything close to a public facing production
> > environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf
> > -- is there some other option I need to set?
> >
> Ok, if you use auth_provider = ldap in your sssd, SSL/TLS is a must.
> IMHO it isn't possible to get it to work without.

Yesh :-(. Now I have to get the SSL/TLS working... I have a cert now, but it
is on my own CA and I am not sure how to get that to work...

>
>
> best regards
> Michael
>
> > Is there any chance that selinux is having any effect? Selinux can be pesky
> > at times.
> >
> >>
> >> -Dieter
> >>
> >> --
> >> Dieter Klünter | Systemberatung
> >> http://sys4.de
> >> GPG Key ID: E9ED159B
> >> 53°37'09,95"N
> >> 10°08'02,42"E
> >>
> >

--
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
[email protected]       -- Webhosting Services
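
The sssd side of the TLS setup discussed in this thread, as an added example that is not part of the original messages: the setting quoted above beside a variant that trusts a privately run CA. The domain name, server name and CA file path are placeholders (assumptions); the search base is the one shown in the thread.

```ini
# /etc/sssd/sssd.conf (fragment) - added example, not from the thread.
# Assumptions: domain name "default", host ldap.example.com and the
# CA file path below are placeholders.
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=deepsoft,dc=com

# Setting mentioned in the thread. It only controls StartTLS for the
# identity (id_provider) lookups, not the authentication bind:
# ldap_id_use_start_tls = false

# Use StartTLS for identity lookups as well, so lookups and binds
# both run over a protected channel.
ldap_id_use_start_tls = true

# Point sssd at the certificate of the private CA that signed the
# slapd server certificate (PEM format, readable by sssd).
ldap_tls_cacert = /etc/openldap/certs/private-ca.pem

# Require a server certificate that validates against that CA.
# The host name in ldap_uri must match the name in the certificate.
# Lowering this to "never" or "allow" disables the check that
# protects the password sent during the bind.
ldap_tls_reqcert = demand
```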
