On Wed, Jan 2, 2013 at 2:50 PM, Jakub Hrozek <[email protected]> wrote:
> On Wed, Jan 02, 2013 at 01:38:12PM +0100, Marco Pizzoli wrote:
> > Hi Jakub,
> >
> > On Wed, Jan 2, 2013 at 1:13 PM, Jakub Hrozek <[email protected]> wrote:
> >
> > > On Wed, Jan 02, 2013 at 10:52:00AM +0100, Marco Pizzoli wrote:
> > > > Hi guys,
> > > > I'm currently not able to get sssd working in connecting to an AD server as
> > > > a pure LDAPS server.
> > > >
> > > > I'm succeeding in connecting with a simple bind, but eventually I can't get
> > > > sssd downloading any data. It ends with a
> > > > Search result: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8,
> > > > comment: In order to perform this operation a successful bind must be
> > > > completed on the connection., data 0, v1db1
> > > >
> > > > By using ldapsearch (pointing to the same ldaps url) I can execute the same
> > > > search obtaining (correctly) 1 user.
> > > > Honestly, I don't know what could be the problem... Any hint on a
> > > > particular configuration directive to check?
> > > >
> > > > Full log following.
> > > > I'm using sssd-1.8.0-32.el6.x86_64 on RHEL6.3
> > > >
> > > > Thanks in advance
> > > > Marco
> > >
> > > From the logs it seems that you are binding as "CN=baubau,OU=Service
> > > Accounts,DC=testpippo,DC=local" but not using any bind password. Is this
> > > the same setting that works for you with ldapsearch?
> > >
> >
> > Shame on me...
> > In my sssd.conf I had:
> > ldap_default_authok_type = password
> > ldap_default_authok = my_password
> >
> > Instead of
> > ldap_default_auth*t*ok_type = password
> > ldap_default_auth*t*ok = my_password
> >
> > Now I managed to have it working. I admit I didn't notice it before your
> > hint.
> >
> > I just looked back at the logs, but I don't notice any hint about my error.
> > Should the sssd put a warning about an unknown/wrong directive?
>
> This is how I found out:
>
> (Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_bind_dn has value CN=baubau,OU=Service Accounts,DC=testpippo,DC=local
> (Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_authtok_type has value password
> (Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value.
> ^^^^^
> "No binary value" pretty much says "unset".

Good to know.
Thank you again
Marco
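The two checks from this thread, as an added example that is not part of the original messages and is not SSSD's own code: flag domain options that are close misspellings of a known name, and spot a bind DN configured without a bind password in the `dp_get_options` debug lines. `KNOWN_OPTIONS` is a partial list chosen for illustration, the sample config and log are constructed from the values quoted above, and the `ldap_uri` host is a placeholder.

```python
import configparser
import difflib
import re

# Assumption: a partial allow-list of real sssd-ldap option names, not the full set.
KNOWN_OPTIONS = ["id_provider", "ldap_uri", "ldap_search_base", "ldap_default_bind_dn",
                 "ldap_default_authtok_type", "ldap_default_authtok"]

# Constructed sample reproducing the misspelling from the thread (URI is a placeholder).
SAMPLE_CONF = """\
[domain/TESTpippo.local]
id_provider = ldap
ldap_uri = ldaps://ad.example.test
ldap_default_bind_dn = CN=baubau,OU=Service Accounts,DC=testpippo,DC=local
ldap_default_authok_type = password
ldap_default_authok = my_password
"""

# Constructed from the debug lines quoted in the thread.
SAMPLE_LOG = """\
(Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_bind_dn has value CN=baubau,OU=Service Accounts,DC=testpippo,DC=local
(Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_authtok_type has value password
(Wed Jan 2 09:20:26 2013) [sssd[be[TESTpippo.local]]] [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value.
"""

OPTION_RE = re.compile(r"\[dp_get_options\].*?Option (\S+) has (no )?(?:binary )?value")

def find_suspect_options(conf_text):
    """Map (section, option) -> closest known name (or None) for unrecognised keys."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    suspects = {}
    for section in parser.sections():
        for option in parser[section]:
            if option not in KNOWN_OPTIONS:
                close = difflib.get_close_matches(option, KNOWN_OPTIONS, n=1, cutoff=0.8)
                suspects[(section, option)] = close[0] if close else None
    return suspects

def option_states(log_text):
    """Map option name -> True if dp_get_options logged a value, False if unset."""
    return {m.group(1): m.group(2) is None for m in OPTION_RE.finditer(log_text)}

def bind_without_password(log_text):
    """True when a bind DN is configured but the bind password option is unset."""
    states = option_states(log_text)
    return states.get("ldap_default_bind_dn", False) and not states.get("ldap_default_authtok", False)

if __name__ == "__main__":
    for (section, option), guess in find_suspect_options(SAMPLE_CONF).items():
        print(f"[{section}] unknown option {option!r}; did you mean {guess!r}?")
    print("bind DN set but no password:", bind_without_password(SAMPLE_LOG))
```

The log check only sees these lines when the domain's debug level is high enough to emit the `(0x0400)` messages shown in the thread.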
