On Fri, Nov 14, 2014 at 03:27:39AM +0000, Aaron Jenkins wrote:
> Hi,
>
> I have a server running ApacheDS with both SSL and TLS enabled with a valid
> keystore. It allows me to connect via other ldap clients on both SSL and
> StartTLS and I'm able to use Kerberos from the client machine.
>
> However, when I configure sssd on a client machine to use ldap and use the
> ApacheDS as its provider, it fails with the message
>
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): domain: AUTOMATON.UK
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): user: aaron.jenkins
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): service: login
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): tty: /dev/pts/15
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): ruser:
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): rhost:
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): authtok type: 1
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): priv: 1
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): cli_pid: 9586
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_resolve_server_process] (0x0200): Found address for server ds.automaton.uk: [10.211.55.27] TTL 7200
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [(unknown error code)]
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_set_port_status] (0x0100): Marking port 10389 of server 'ds.automaton.uk' as 'not working'
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)]
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Sending result [9][AUTOMATON.UK]
> (Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Sent result [9][AUTOMATON.UK]
>
> My sssd configuration is as follows:
>
> [sssd]
> config_file_version = 2
> services = nss, pam
> domains = AUTOMATON.UK
> debug_level = 5
>
> [domain/AUTOMATON.UK]
> debug_level = 5
> cache_credentials = true
>
> id_provider = ldap
> auth_provider = ldap
>
> ldap_uri = ldap://ds.automaton.uk:10389
> ldap_search_base = dc=automaton,dc=uk
> chpass_provider = ldap
> entry_cache_timeout = 600
> ldap_network_timeout = 2
>
> The search base and the uri is correct as it works with other things. Do you
> guys have any idea what could be going wrong?
SSSD uses libldap under the hood, so you should get the same results as with ldapsearch -ZZ -- have you tried ldapsearch?

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
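The reply's suggestion worked through, as an added example that is not part of the thread: a POSIX sh helper that reads ldap_uri, ldap_search_base and ldap_network_timeout from the posted sssd.conf (embedded here as a constructed copy) and prints the ldapsearch -ZZ command that drives the same libldap StartTLS path SSSD uses; the function and variable names are my own, and the fallback timeout of 6 seconds is assumed from SSSD's documented default.

```shell
#!/bin/sh
# Added example (not from the thread): derive the ldapsearch -ZZ command that
# exercises the same libldap StartTLS path SSSD uses, from the [domain/...]
# section of an sssd.conf, so the failure can be reproduced outside SSSD.

# Constructed copy of the poster's sssd.conf, embedded so this runs offline.
SSSD_CONF_SAMPLE='[sssd]
config_file_version = 2
services = nss, pam
domains = AUTOMATON.UK

[domain/AUTOMATON.UK]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ds.automaton.uk:10389
ldap_search_base = dc=automaton,dc=uk
ldap_network_timeout = 2
'

# sssd_conf_value CONF_TEXT SECTION KEY -> prints KEY's value from [SECTION].
sssd_conf_value() {
    printf '%s\n' "$1" | awk -v sect="[$2]" -v key="$3" '
        /^\[/ { in_sect = ($0 == sect); next }
        in_sect && $1 == key && $2 == "=" {
            sub(/^[^=]*=[ \t]*/, ""); print; exit }'
}

# starttls_probe_cmd CONF_TEXT DOMAIN -> prints an ldapsearch command that asks
# libldap for the same StartTLS upgrade SSSD logs as "Executing START TLS".
# -d 1 makes libldap print the TLS handshake error that SSSD only surfaces
# as "ldap_install_tls failed: [Connect error]". Returns 1 if the domain
# section lacks ldap_uri or ldap_search_base.
starttls_probe_cmd() {
    uri=$(sssd_conf_value "$1" "domain/$2" ldap_uri)
    base=$(sssd_conf_value "$1" "domain/$2" ldap_search_base)
    timeout=$(sssd_conf_value "$1" "domain/$2" ldap_network_timeout)
    [ -n "$uri" ] && [ -n "$base" ] || return 1
    # 6 = SSSD's default ldap_network_timeout (assumed default, not from the thread)
    printf 'ldapsearch -x -ZZ -d 1 -o nettimeout=%s -H %s -b %s -s base\n' \
        "${timeout:-6}" "$uri" "$base"
}

# Usage on the poster's config (run the printed command on the SSSD client):
#   starttls_probe_cmd "$SSSD_CONF_SAMPLE" AUTOMATON.UK
```

If the printed ldapsearch fails in the same way, the -d 1 output names the TLS-level cause (for example a certificate the client's CA store does not trust), which is a client-side trust question rather than an SSSD bug.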
