> On 06/04/2014 06:54 PM, Robert Zmijan wrote:
>>> On 06/04/2014 04:13 PM, Robert Zmijan wrote:
>>>>> On Wed, 2014-06-04 at 18:15 +0100, Robert Zmijan wrote:
>>>>>> Hi
>>>>>>
>>>>>> I want to set up sssd to use ldap_default_bind_dn and
>>>>>> ldap_default_authok. Currently I have in my sssd.conf
>>>>>>
>>>>>> ldap_default_bind_dn = cn=sssd,ou=services,dc=myhost,dc=net
>>>>>> ldap_default_authok = mypassword
>>>>>>
>>>>>> I understand that I would have to put 'mypassword' in ldap
>>>>>> under the name of 'sssd'. The problem I'm facing is that when
>>>>>> I type: sss_obfuscate I get this:
>>>>>>
>>>>>>   File "/usr/sbin/sss_obfuscate", line 81
>>>>>>     print "Cannot read internal configuration files"
>>>>> chmod 0600 /etc/sssd/sssd.conf
>>>>>
>>>> Just did that. Running sss_obfuscate still has the same effect as
>>>> above:
>>>>   File "/usr/sbin/sss_obfuscate", line 81
>>>>     print "Cannot read internal configuration files"
>>>> Syntax Error: invalid syntax
>>> "invalid syntax" probably means you have an error in the config
>>> file. Mind including it so we can help you spot the syntax error?
>> Sure, did you mean sssd.conf?
>>
>> here it is
>>
>> [sssd]
>> config_file_version = 2
>> services = nss, pam
>> domains = LDAP
>>
>> [nss]
>>
>> filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
>>
>>
>> [pam]
>>
>> # Example LDAP domain
>> [domain/LDAP]
>> id_provider = ldap
>>
>> ldap_id_use_start_tls = True
>>
>> auth_provider = ldap
>> chpass_provider = ldap
>> access_provider = ldap
>>
>> ldap_access_filter = gidNumber=100
>>
>> ldap_user_ssh_public_key = sshPublicKey
>> ldap_default_bind_dn=cn=sssd,ou=services,dc=myhost,dc=net
>>
>> ldap_tls_reqcert = never
>> ldap_tls_cacert = /etc/openldap/ssl/ldapscert.crt
>> ldap_uri = ldap://127.0.0.1
>> ldap_search_base = dc=homelinux,dc=net
>> ldap_user_search_base = ou=People,dc=myhost,dc=net
>> ldap_group_search_base = ou=Group,dc=myhost,dc=net
>>
>> enumerate = true
>
> Please do not use enumerate=true unless you really need to.
> In most cases it should not be enabled.
> It seems that your case is such.
>
> 2c.
> Dmitri
Thanks, I'll change the enumerate value.
By the way, I solved my problem with sss_obfuscate on my Gentoo.
The sss_obfuscate script is not compatible with python 3.3, which is the
default interpreter in my system.
Changing the first line of sss_obfuscate to:
#!/usr/bin/python2.7 (instead of '#!/usr/bin/python')
and adding
export PYTHONPATH=${PYTHONPATH}:/usr/lib64/python2.7/site-packages
to .bashrc
solved the problem.
The message "Cannot read internal configuration files" was all about
python3.3 complaining about the python2.7 syntax of the sss_obfuscate
script, and lacking the path to the SSSD specific *.py modules.
Now I have my obfuscated passwd in sssd.config file.
Can you tell me what is now best to do on the ldap side to make SSSD
authenticate itself with that password?
R.
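
An added example, not part of the original thread and not SSSD code: a small audit of the domain settings discussed above (certificate checking, how the bind password is stored, enumeration). The sample config is constructed from the one quoted in the thread, and the option names ldap_default_authtok and ldap_default_authtok_type are taken from sssd-ldap(5), not from the posts.

```python
import configparser

# Constructed sample modelled on the domain section quoted in the thread.
SAMPLE = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://127.0.0.1
ldap_id_use_start_tls = True
ldap_tls_reqcert = never
ldap_default_bind_dn = cn=sssd,ou=services,dc=myhost,dc=net
ldap_default_authtok = mypassword
enumerate = true
"""


def audit_sssd_conf(text):
    """Return (section, finding) tuples for risky settings in domain sections."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        # 'never' and 'allow' let the session proceed without a validated
        # server certificate, so the bind password can reach an impostor.
        if sec.get("ldap_tls_reqcert", "").lower() in ("never", "allow"):
            findings.append((name, "ldap_tls_reqcert does not enforce certificate validation"))
        # The authtok type defaults to 'password', i.e. the value is cleartext.
        if "ldap_default_authtok" in sec and \
                sec.get("ldap_default_authtok_type", "password").lower() == "password":
            findings.append((name, "bind password stored in cleartext"))
        if sec.get("enumerate", "false").lower() == "true":
            findings.append((name, "enumerate is enabled"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE):
        print(f"{section}: {finding}")
```

The obfuscated form only hides the password from casual viewing, so the 0600 mode on sssd.conf suggested earlier in the thread still matters.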