I'd top that by adding that I've recently implemented a solution with the latest IPA provided in RHEL 6.3, and it's amazing. It uses 389 behind the scenes, but bundles it with Kerberos and many other useful features, and also abstracts the SSSD configuration away by default.

See: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

Matthias

On Thu, 26 Jul 2012 09:46:53 -0400
solarflow99 <solarflo...@gmail.com> wrote:

> I can just say I had much better luck with 389, I found it a clean and
> easy solution for a production system.
>
> On Thu, Jul 26, 2012 at 5:18 AM, Chris <ch...@flamengro.co.za> wrote:
>
> > Hi.
> >
> > I am using rhel 6.3, with sssd-1.8.0 and
> > openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.
> > The problem I'm having is I get this error message in messages file.
> >
> > "sssd[be[default]]: Could not start TLS encryption. TLS error
> > -5938:Encountered end of file"
> > Errors I saw in sssd_default.log
> >
> > When I add new users I cannot log in with the new names, a
> > ldapsearch shows them but getent passwd nothing.
> > Not all the users show up on my other machines, only some.
> >
> > Any help will be appreciated.
> >
> > My slapd.conf file looks like this.
> >
> > include /etc/openldap/schema/corba.schema
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/duaconf.schema
> > include /etc/openldap/schema/dyngroup.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/java.schema
> > include /etc/openldap/schema/misc.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/openldap.schema
> > include /etc/openldap/schema/ppolicy.schema
> > include /etc/openldap/schema/collective.schema
> >
> > allow bind_v2
> >
> > pidfile /var/run/openldap/slapd.pid
> > argsfile /var/run/openldap/slapd.args
> >
> > database bdb
> > suffix "dc=flamengro,dc=com"
> > checkpoint 1024 15
> > rootdn "cn=Manager,dc=flamengro,dc=com"
> >
> > rootpw secret
> >
> > directory /var/lib/ldap/flamengro
> >
> > index objectClass eq,pres
> > index ou,cn,mail,surname,givenname eq,pres,sub
> > index uidNumber,gidNumber,loginShell eq,pres
> > index uid,memberUid eq,pres,sub
> > index nisMapName,nisMapEntry eq,pres,sub
> >
> > database monitor
> > access to *
> >     by dn.exact="cn=Manager,dc=flamengro,dc=com" read
> >     by * none
> > access to attrs=userPassword,shadowLastChange
> >     by anonymous auth
> >     by self write
> >     by * none
> >
> > My sssd.conf file looks like this
> >
> > [sssd]
> > config_file_version = 2
> >
> > reconnection_retries = 3
> >
> > sbus_timeout = 30
> > services = nss, pam
> >
> > domains = default
> >
> > [nss]
> > filter_groups = root
> > filter_users = root
> > reconnection_retries = 3
> >
> > [pam]
> > reconnection_retries = 3
> >
> > [domain/default]
> > auth_provider = ldap
> > cache_credentials = True
> > ldap_id_use_start_tls = True
> > debug_level = 9
> > ldap_search_base = dc=flamengro,dc=com
> > # krb5_realm = EXAMPLE.COM
> > chpass_provider = ldap
> > id_provider = ldap
> > ldap_uri = ldap://ibm-01.flamengro.co.za
> > # krb5_kdcip = kerberos.example.com
> > ldap_tls_cacertdir = /etc/openldap/cacerts
> > enumerate = True
> > ldap_sasl_canonicalize = true
> > # krb5_server = kerberos.example.com
> >
> > _______________________________________________
> > rhelv6-list mailing list
> > rhelv6-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/rhelv6-list

-- 
Matthias Saou
Web: http://matthias.saou.eu/
Mail/XMPP: matth...@saou.eu
GPG: 4096R/E755CC63
8D91 7E2E F048 9C9C 46AF 21A9 7A51 7B82 E755 CC63
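An added example, not part of the thread and not code from SSSD, OpenLDAP or any of the posters: an offline review of the slapd.conf / sssd.conf pair Chris quoted. It parses both files (embedded below, trimmed to the directives that matter) and surfaces the mismatches a reviewer would want ruled out before debugging on the host: the client demands STARTTLS (`ldap_id_use_start_tls = True`) while the server file defines no `TLSCertificateFile`/`TLSCertificateKeyFile`, `rootpw` is cleartext, `allow bind_v2` is on, and, because slapd.conf ACLs are positional, the `userPassword` rule placed after `database monitor` protects the monitor backend rather than the `dc=flamengro,dc=com` data. The "fixed" variant is hypothetical: the certificate paths are assumed and the `{SSHA}` value is a placeholder for a `slappasswd` hash.

```python
# Added example for this page: offline review of the slapd.conf / sssd.conf pair
# quoted above. Not code from the thread, SSSD or OpenLDAP; configs are trimmed.
import configparser
from typing import List, Optional, Tuple

# Constructed from Chris's slapd.conf (schema includes, pidfile and indexes trimmed).
SLAPD_CONF = """\
allow bind_v2
database bdb
suffix "dc=flamengro,dc=com"
rootdn "cn=Manager,dc=flamengro,dc=com"
rootpw secret
database monitor
access to * by dn.exact="cn=Manager,dc=flamengro,dc=com" read by * none
access to attrs=userPassword,shadowLastChange
  by anonymous auth
  by self write
  by * none
"""

# Hardened counterpart (hypothetical cert paths; the rootpw value is a placeholder
# for a slappasswd hash). TLS directives added, userPassword ACL moved under bdb.
SLAPD_CONF_FIXED = """\
TLSCACertificateFile /etc/openldap/certs/ca.pem
TLSCertificateFile /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile /etc/openldap/certs/slapd.key
database bdb
suffix "dc=flamengro,dc=com"
rootdn "cn=Manager,dc=flamengro,dc=com"
rootpw {SSHA}PLACEHOLDER_FROM_slappasswd
access to attrs=userPassword,shadowLastChange
  by anonymous auth
  by self write
  by * none
access to * by * read
database monitor
access to * by dn.exact="cn=Manager,dc=flamengro,dc=com" read by * none
"""

# Constructed from Chris's sssd.conf, domain section only.
SSSD_CONF = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_id_use_start_tls = True
ldap_uri = ldap://ibm-01.flamengro.co.za
ldap_tls_cacertdir = /etc/openldap/cacerts
"""


def parse_slapd(text: str) -> List[Tuple[Optional[str], str, str]]:
    """Return (owning database or None if global, key, value) triples.
    slapd.conf is positional: directives after a 'database' line belong to
    that database; lines starting with whitespace continue the previous one."""
    out: List[Tuple[Optional[str], str, str]] = []
    current_db: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:  # continuation of the previous directive
            db, key, val = out[-1]
            out[-1] = (db, key, val + " " + raw.strip())
            continue
        key, _, val = raw.strip().partition(" ")
        key, val = key.lower(), val.strip()
        if key == "database":
            current_db = val  # one database per type in the posted file
        out.append((current_db, key, val))
    return out


def review(slapd_text: str, sssd_text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing to raise."""
    findings: List[str] = []
    slapd = parse_slapd(slapd_text)
    present = {k for _, k, _ in slapd}
    sssd = configparser.ConfigParser(interpolation=None)
    sssd.read_string(sssd_text)
    for sec in (s for s in sssd.sections() if s.startswith("domain/")):
        if sssd[sec].get("ldap_id_use_start_tls", "false").lower() != "true":
            continue
        missing = [d for d in ("TLSCertificateFile", "TLSCertificateKeyFile")
                   if d.lower() not in present]
        if missing:
            findings.append(f"{sec}: client requires STARTTLS but slapd.conf has no "
                            f"{'/'.join(missing)}; slapd has no certificate to present")
    for db, key, val in slapd:
        if key == "rootpw" and not val.startswith("{"):
            findings.append(f"database {db}: rootpw is cleartext; use a slappasswd hash")
        if key == "allow" and "bind_v2" in val:
            findings.append("global: allow bind_v2 accepts legacy LDAPv2 binds")
    # An ACL guards only the database whose section it sits in (or all, if global).
    pw_acl_owners = [db for db, k, v in slapd if k == "access" and "userpassword" in v.lower()]
    for data_db in (v for _, k, v in slapd if k == "database" and v != "monitor"):
        if data_db not in pw_acl_owners and None not in pw_acl_owners:
            where = f" (found under database {pw_acl_owners[0]})" if pw_acl_owners else ""
            findings.append(f"database {data_db}: no access rule for userPassword{where}; "
                            "the built-in default 'access to * by * read' applies")
    return findings
```

Running `review(SLAPD_CONF, SSSD_CONF)` yields four findings for the posted pair and `review(SLAPD_CONF_FIXED, SSSD_CONF)` yields none. The parser tracks which `database` each directive follows because that is how slapd itself scopes `access` rules: a `userPassword` rule that sits after `database monitor` never applies to the bdb suffix, which falls back to the read-everything default. The STARTTLS check only compares the two files; whether `/etc/openldap/cacerts` actually holds the CA that signed the server certificate still has to be confirmed on the host.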