Hi,

I am attempting to have SSSD do logins to my OpenLDAP 2.6.3 installation, 
however, I get "permission denied" when trying to log in because SSSD is asking 
for a password policy, which the server does not appear to have by default. 
Notably, we don't really care what "policy" the server will claim to have, 
because password authentication is delegated via SASL to another server which 
ensures strong passwords. So I just need something that will "get past" 
whatever checks SSSD is doing. What LDIF config can I add to my configuration 
to allow SSSD to let users log in properly?

The error from `journalctl -u slapd` is shown below:

Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 fd=11 ACCEPT from 
IP=10.8.8.202:41516 (IP=0.0.0.0:389)
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SRCH base="" scope=0 
deref=0 filter="(objectClass=*)"
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SRCH attr=* 
altServer namingContexts supportedControl supportedExtension supportedFeatures 
supportedLDAPVersion>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SEARCH RESULT 
tag=101 err=0 qtime=0.000020 etime=0.000271 nentries=1 text=
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 BIND 
dn="cn=admin,dc=clab,dc=lab" method=128
Nov 01 18:16:58 ldapserver00 slapd[105481]: slap_global_control: unrecognized 
control: 1.3.6.1.4.1.42.2.27.8.5.1
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 BIND 
dn="cn=admin,dc=clab,dc=lab" mech=SIMPLE bind_ssf=0 ssf=0
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 RESULT tag=97 err=0 
qtime=0.000028 etime=0.000136 text=
Nov 01 18:16:58 ldapserver00 slapd[105481]: get_filter: conn 2239 unknown 
attribute type=sudoHost (17)
Nov 01 18:16:58 ldapserver00 slapd[105481]: get_ssa: conn 2239 unknown 
attribute type=sudoHost (17)
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SRCH 
base="ou=users,dc=clab,dc=lab" scope=2 deref=0 
filter="(&(?objectClass=sudoRole)(|(&(!(?sudoHost=*))(cn=de>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SRCH 
attr=objectClass objectClass cn sudoCommand sudoHost sudoUser sudoOption 
sudoRunAs sudoRunAsUser sudoRunAs>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SEARCH RESULT 
tag=101 err=0 qtime=0.000016 etime=0.000326 nentries=0 text=

TIA!
