On (14/10/16 02:26), liujita...@gmail.com wrote:
>hi,all
>
>#### user op01 
>ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b 
>uid=op01,ou=people,dc=suntv,dc=tv
Here you are using the manager account for the LDAP search: "cn=manager,dc=suntv,dc=tv"

>Enter LDAP Password: 
>```
># extended LDIF
>#
># LDAPv3
># base <uid=op01,ou=people,dc=suntv,dc=tv> with scope subtree
># filter: (objectclass=*)
># requesting: ALL
>#
>
># op01, people, suntv.tv
>dn: uid=op01,ou=people,dc=suntv,dc=tv
>uid: op01
>cn: op01
>sn: op01
>objectClass: hostObject
>objectClass: posixAccount
>objectClass: shadowAccount
>objectClass: inetOrgPerson
>userPassword:: MTIzNDU2
>shadowLastChange: 17085
>shadowMin: 0
>shadowMax: 99999
>shadowWarning: 7
>loginShell: /bin/bash
>uidNumber: 1001
>gidNumber: 2001
>homeDirectory: /home/op01
>labeledURI: ldaps:///ou=op,ou=host,dc=suntv,dc=tv?host
>#  Dynamic Lists of the opneldap
>host: 192.168.1.21
>#  generated Dynamic Lists of the opneldap 
>host: 192.168.1.22
>#  generated Dynamic Lists of the opneldap 
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>```
>
>
>####sssd.conf
>```
>id_provider = ldap
>auth_provider = ldap
>chpass_provider = ldap
>
>......
>
>ldap_search_base = dc=suntv,dc=tv
>ldap_user_search_base = ou=people,dc=suntv,dc=tv
>ldap_group_search_base = ou=group,dc=suntv,dc=tv
>
>......
>
>access_provider = ldap
>ldap_access_order = filter
>ldap_access_filter = (|(host=all)(host=192.168.1.21))
>```
But I cannot see it here. It might be caused by unnecessary obfuscation of
sssd.conf. So sssd used an anonymous search.

@see man sssd-ldap
-> ldap_default_bind_dn
-> ldap_default_authtok_type
-> ldap_default_authtok

LS
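
The point of this reply, as an added example that is not part of the original thread or of SSSD itself: a small Python check that reads an sssd.conf and reports whether each LDAP domain binds anonymously and which attributes its ldap_access_filter depends on. The section name domain/default, the cn=sssd-reader bind DN and the REPLACE_ME secret are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample mirroring the settings quoted in the thread; the section
# name "domain/default" is an assumption (the post elides it).
POSTED = """
[domain/default]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(host=all)(host=192.168.1.21))
"""

# Same domain with a dedicated bind identity (hypothetical DN, placeholder secret).
WITH_BIND = POSTED + """\
ldap_default_bind_dn = cn=sssd-reader,ou=services,dc=suntv,dc=tv
ldap_default_authtok_type = password
ldap_default_authtok = REPLACE_ME
"""

def filter_attributes(ldap_filter):
    """Attribute names an LDAP filter tests, e.g. '(host=x)' -> {'host'}."""
    return set(re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*[~<>:]?=", ldap_filter))

def audit_bind(conf_text):
    """Return {section: [findings]} for LDAP domains in an sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(conf_text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("domain/") or sec.get("id_provider") != "ldap":
            continue
        findings = []
        attrs = sorted(filter_attributes(sec.get("ldap_access_filter", "")))
        if not sec.get("ldap_default_bind_dn"):
            findings.append("no ldap_default_bind_dn: sssd searches anonymously")
            if attrs:
                findings.append("access filter needs anonymous read on: " + ", ".join(attrs))
        elif not sec.get("ldap_default_authtok"):
            findings.append("ldap_default_bind_dn set without ldap_default_authtok")
        elif attrs:
            findings.append("bind DN needs read access on: " + ", ".join(attrs))
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_bind(POSTED), audit_bind(WITH_BIND))
```

Because ldap_default_authtok is stored in sssd.conf, the bind account is better a dedicated read-only identity than the directory manager used in the ldapsearch test.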