On (14/10/16 02:26), liujita...@gmail.com wrote:
>hi,all
>
>#### user op01
>ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b
>uid=op01,ou=people,dc=suntv,dc=tv

Here you are using the manager account for the ldap search
"cn=manager,dc=suntv,dc=tv"

>Enter LDAP Password:
>```
># extended LDIF
>#
># LDAPv3
># base <uid=op01,ou=people,dc=suntv,dc=tv> with scope subtree
># filter: (objectclass=*)
># requesting: ALL
>#
>
># op01, people, suntv.tv
>dn: uid=op01,ou=people,dc=suntv,dc=tv
>uid: op01
>cn: op01
>sn: op01
>objectClass: hostObject
>objectClass: posixAccount
>objectClass: shadowAccount
>objectClass: inetOrgPerson
>userPassword:: MTIzNDU2
>shadowLastChange: 17085
>shadowMin: 0
>shadowMax: 99999
>shadowWarning: 7
>loginShell: /bin/bash
>uidNumber: 1001
>gidNumber: 2001
>homeDirectory: /home/op01
>labeledURI: ldaps:///ou=op,ou=host,dc=suntv,dc=tv?host
># Dynamic Lists of the opneldap
>host: 192.168.1.21
># generated Dynamic Lists of the opneldap
>host: 192.168.1.22
># generated Dynamic Lists of the opneldap
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>```
>
>
>####sssd.conf
>```
>id_provider = ldap
>auth_provider = ldap
>chpass_provider = ldap
>
>......
>
>ldap_search_base = dc=suntv,dc=tv
>ldap_user_search_base = ou=people,dc=suntv,dc=tv
>ldap_group_search_base = ou=group,dc=suntv,dc=tv
>
>......
>
>access_provider = ldap
>ldap_access_order = filter
>ldap_access_filter = (|(host=all)(host=192.168.1.21))
>```

But I cannot see it here. It might be caused by unnecessary obfuscation
of sssd.conf. So sssd used anonymous search.

@see man sssd-ldap
 -> ldap_default_bind_dn
 -> ldap_default_authtok_type
 -> ldap_default_authtok

LS
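Added example, not part of the original thread and not SSSD code: a small offline check that evaluates the `ldap_access_filter` from the post against the entry as returned to two different bind identities. Both LDIF samples are constructed; the anonymous one assumes the server does not return `host` to an anonymous bind, and `parse_ldif` and `matches` are hypothetical helper names.

```python
import base64

# Constructed sample: entry as returned to a bind as cn=manager (trimmed from the post).
BOUND_LDIF = """\
dn: uid=op01,ou=people,dc=suntv,dc=tv
uid: op01
objectClass: posixAccount
host: 192.168.1.21
host: 192.168.1.22
"""
# Constructed sample (assumption): anonymous bind that cannot read "host".
ANON_LDIF = """\
dn: uid=op01,ou=people,dc=suntv,dc=tv
uid: op01
objectClass: posixAccount
"""
ACCESS_FILTER = "(|(host=all)(host=192.168.1.21))"  # ldap_access_filter from the post

def parse_ldif(text):
    """Return {attr: set(values)} for one unwrapped entry of ldapsearch output."""
    entry = {}
    for line in text.splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith(("#", " ")):
            continue  # comments, blank lines, continuation lines
        if rest.startswith(":"):  # "attr:: <base64>"
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), set()).add(rest.strip().lower())
    return entry

def matches(flt, entry):
    """Evaluate an LDAP filter limited to &, |, ! and equality tests."""
    def parse(i):
        op = flt[i + 1]  # flt[i] is the opening "("
        if op in "&|!":
            i, results = i + 2, []
            while flt[i] == "(":
                value, i = parse(i)
                results.append(value)
            if op == "!":
                return not results[0], i + 1
            return (all if op == "&" else any)(results), i + 1
        end = flt.index(")", i)
        attr, _, value = flt[i + 1:end].partition("=")
        return value.lower() in entry.get(attr.lower(), set()), end + 1
    return parse(0)[0]

if __name__ == "__main__":
    for name, ldif in (("manager bind", BOUND_LDIF), ("anonymous bind", ANON_LDIF)):
        print(name, "->", "allowed" if matches(ACCESS_FILTER, parse_ldif(ldif)) else "denied")
```

To use it on a real directory, replace the two samples with the output of the same `ldapsearch` run once with `-D`/`-W` and once without them.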