Hi all,

#### user op01

ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b uid=op01,ou=people,dc=suntv,dc=tv
Enter LDAP Password:

```
# extended LDIF
#
# LDAPv3
# base <uid=op01,ou=people,dc=suntv,dc=tv> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# op01, people, suntv.tv
dn: uid=op01,ou=people,dc=suntv,dc=tv
uid: op01
cn: op01
sn: op01
objectClass: hostObject
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
userPassword:: MTIzNDU2
shadowLastChange: 17085
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 2001
homeDirectory: /home/op01
labeledURI: ldaps:///ou=op,ou=host,dc=suntv,dc=tv?host   # Dynamic Lists of the opneldap
host: 192.168.1.21   # generated Dynamic Lists of the opneldap
host: 192.168.1.22   # generated Dynamic Lists of the opneldap

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

#### sssd.conf

```
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
......
ldap_search_base = dc=suntv,dc=tv
ldap_user_search_base = ou=people,dc=suntv,dc=tv
ldap_group_search_base = ou=group,dc=suntv,dc=tv
......
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(host=all)(host=192.168.1.21))
```

#### test

ssh op01@192.168.1.21
op01@192.168.1.21's password:
Connection to 192.168.1.21 closed by remote host.
Connection to 192.168.1.21 closed.

sssd_LDAP.log

```
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_send] (0x0400): Performing access filter check for user [op01]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_send] (0x0400): Checking filter against LDAP
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_print_server] (0x2000): Searching 192.168.1.11
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv].
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_op_add] (0x2000): New operation 5 timeout 6
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x7f1b15cca440], connected[1], ops[0x7f1b15d9a700], ldap[0x7f1b15cb09f0]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_op_destructor] (0x2000): Operation 5 finished
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0100): User [op01] was not found with the specified filter. Denying access.
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0400): Access denied by online lookup
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f1b15d9da80
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f1b15d9dbb0
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Running timer event 0x7f1b15d9da80 "ltdb_callback"
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Destroying timer event 0x7f1b15d9dbb0 "ltdb_timeout"
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Ending timer event 0x7f1b15d9da80 "ltdb_callback"
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_done] (0x0400): Access was denied.
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>) [Success (Permission denied)]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [6][LDAP]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [6][LDAP]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x7f1b15cca440], connected[1], ops[(nil)], ldap[0x7f1b15cb09f0]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Fri Oct 14 10:23:06 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f1b15cac500
(Fri Oct 14 10:23:06 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching.
```

calling ldap_search_ext with [(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv]
User [op01] was not found with the specified filter. Denying access.

Why does ldap_search_ext return no results? Please help me, thanks.

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
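
An added diagnostic example, not part of the original post and not SSSD code: it pulls the filter and search base of each denied access-filter check out of sssd_LDAP.log and builds an ldapsearch command that repeats the same search by hand. The function names are hypothetical; the sample log lines, URI and bind DN are copied from the post above.

```python
import re
import shlex

# Constructed sample: three lines copied from the sssd_LDAP.log excerpt in the post.
SAMPLE_LOG = """\
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_send] (0x0400): Performing access filter check for user [op01]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv].
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0100): User [op01] was not found with the specified filter. Denying access.
"""

CHECK = re.compile(r"\[sdap_access_filter_send\].*check for user \[([^\]]+)\]")
SEARCH = re.compile(r"calling ldap_search_ext with \[(.+)\]\[([^\]]*)\]\.?\s*$")
DENY = re.compile(r"\[sdap_access_filter_done\].*User \[([^\]]+)\] was not found")


def denied_filter_checks(log_text):
    """Return one dict (user, filter, base) per access-filter check that was denied."""
    pending, results, current = {}, [], None
    for line in log_text.splitlines():
        if m := CHECK.search(line):
            current = m.group(1)          # a filter check for this user has started
        elif (m := SEARCH.search(line)) and current:
            pending[current] = {"user": current,
                                "filter": m.group(1), "base": m.group(2)}
        elif m := DENY.search(line):
            if m.group(1) in pending:     # the search for this user matched nothing
                results.append(pending.pop(m.group(1)))
            current = None
    return results


def replay_command(check, uri, bind_dn):
    """Build an ldapsearch call with the logged filter and base, shell-quoted."""
    # Scope base is chosen here because the logged search base is the user's own DN.
    argv = ["ldapsearch", "-x", "-W", "-H", uri, "-D", bind_dn,
            "-s", "base", "-b", check["base"], check["filter"]]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    for c in denied_filter_checks(SAMPLE_LOG):
        print(replay_command(c, "ldaps://master.local", "cn=manager,dc=suntv,dc=tv"))
```

Run the printed command with the bind identity SSSD itself uses; if it returns no entry while the unfiltered read in the post lists the host values, the server is not matching the filter on those values.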