[SSSD-users] Re: one user can't be looked up

Fri, 06 Jul 2018 09:02:58 -0700 

On Tue, Jul 3, 2018 at 11:45 PM Sumit Bose <[email protected]> wrote:
>
> On Thu, Jun 28, 2018 at 07:46:29PM -0700, Peter Moody wrote:
> > are there any logs I can provide to help anyone figure out why this is
> > happening? I've (re-)confirmed that this behavior is present in 1.16.1
>
> Can you send your sssd.conf for a start.

Thanks!

pjm@deb:~$ sudo cat /etc/sssd/sssd.conf
[nss]
debug_level = 0x06f0
filter_groups = root
filter_users  = root

reconnection_retries = 3
use_fully_qualified_names = true

[pam]
debug_level = 0x46f0
reconnection_retries = 3

[sssd]
debug_level = 0x06f0
config_file_version  = 2
reconnection_retries = 3
services = nss, pam
domains = X.COM

[domain/x.com]
debug_level    = 0x46f0
override_shell = /bin/bash
ignore_group_members = true
ldap_referrals = false
enumerate      = false
cache_credentials = true

id_provider     = ldap
access_provider = ldap
auth_provider   = ldap

ldap_uri         = ldaps://ldap.x.com
ldap_search_base = dc=x,dc=com
ldap_tls_cacert  = /etc/ldap/ca.pem

ldap_tls_reqcert      = demand
ldap_id_use_start_tls = true

dns_discovery_domain   = x.com

ldap_schema = rfc2307
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

ldap_user_search_base    = ou=people,dc=x,dc=com
ldap_group_search_base   = ou=groups,dc=x,dc=com
ldap_user_object_class   = inetOrgPerson
ldap_user_home_directory = homeDirectory
ldap_group_object_class  = posixGroup
# ldap_group_name = cn

#Bind credentials
ldap_default_bind_dn = <...>
ldap_default_authtok = <...>

pjm@deb:~$
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]/message/5QG7ZC6THL7O7J5HPQM6OCVXGTB7B7AB/

Reply via email to