Lukas,

Below is a log excerpt from a failed authentication. It looks like sssd tries 
to bind to the LDAP server with the given username, which fails. I'll ask my 
LDAP admin, but I think the OpenLDAP server is set up to transfer shadow data 
over TLS without the need for a username/password to bind. I thought the bind 
user/password was an AD thing. I'm sure I never needed a bind user when 
authenticating to this server with nslcd.

Thanks again.

START TLS result: Success(0), (null)
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [fo_set_port_status] (0x0100): 
Marking port 389 of server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [set_server_common_status] 
(0x0100): Marking server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [fo_set_port_status] (0x0400): 
Marking port 389 of duplicate server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Added timed 
event "ltdb_callback": 0x806606f20

(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Added timed 
event "ltdb_timeout": 0x806606fe0

(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Running timer 
event 0x806606f20 "ltdb_callback"

(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Destroying timer 
event 0x806606fe0 "ltdb_timeout"

(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Ending timer 
event 0x806606f20 "ltdb_callback"

(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] 
[find_password_expiration_attributes] (0x4000): No password policy requested.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x0100): 
Executing simple bind as: uid=myuser,ou=People,o=ENGR
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x2000): 
ldap simple bind sent, msgid = 2
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): 
Trace: sh[0x806613740], connected[1], ops[0x8066064a0], ldap[0x806417940]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): 
Trace: ldap_result found nothing!
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): 
Trace: sh[0x806613740], connected[1], ops[0x8066064a0], ldap[0x806417940]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_message] (0x4000): 
Message type: [LDAP_RES_BIND]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x1000): 
Server returned no controls.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x0400): 
Bind result: Invalid credentials(49), no errmsg set
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_handle_release] (0x2000): 
Trace: sh[0x806613740], connected[1], ops[0x0], ldap[0x806417940], 
destructor_lock[0], release_memory[0]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [remove_connection_callback] 
(0x4000): Successfully removed connection callback.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] 
(0x0100): Backend returned: (0, 9, <NULL>) [Success]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] 
(0x0100): Sending result [9][default]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] 
(0x0100): Sent result [9][default]
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
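
Added example (not part of the original message and not sssd code): a small Python parser that rejoins the hard-wrapped debug lines of an excerpt like the one above and pairs each `simple_bind_send` entry with its `simple_bind_done`, listing the bind DN and LDAP result code of every attempt. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample, hard-wrapped the same way as the excerpt above.
SAMPLE = """\
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x0100):
Executing simple bind as: uid=myuser,ou=People,o=ENGR
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x2000):
ldap simple bind sent, msgid = 2
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x0400):
Bind result: Invalid credentials(49), no errmsg set
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback]
(0x0100): Sending result [9][default]
"""

# A record starts with a full timestamp; a bare "(" is not enough, because
# wrapped continuation lines can begin with the "(0x0100):" level field.
START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\)")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] "
                    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-f]+)\): (?P<msg>.*)$")
BIND_AS = re.compile(r"^Executing simple bind as: (?P<dn>.+)$")
BIND_RESULT = re.compile(r"^Bind result: (?P<text>.+?)\((?P<code>\d+)\)")

def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def bind_attempts(text):
    """Pair each simple bind with its result, per sssd process."""
    pending, attempts = {}, []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue  # fragment cut off at the start of an excerpt
        sent = BIND_AS.match(m["msg"])
        done = BIND_RESULT.match(m["msg"])
        if m["func"] == "simple_bind_send" and sent:
            pending[m["proc"]] = sent["dn"]
        elif m["func"] == "simple_bind_done" and done:
            attempts.append({"time": m["ts"], "process": m["proc"],
                             "dn": pending.pop(m["proc"], None),
                             "code": int(done["code"]), "result": done["text"]})
    return attempts
```

Result code 49 is `invalidCredentials` in RFC 4511; a code of 0 would be a successful bind.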
