Our LDAP does not include the POSIX schema, so we made a couple of entries in sssd.conf to attempt to work around that.
Here is our complete (slightly redacted) sssd.conf:

[domain/mydomain]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_uri = ldaps://mydomain.my.edu
ldap_search_base = ou=people,ou=primary,ou=eid,dc=my,dc=edu
ldap_default_bind_dn = cn=my-proxy,ou=proxies,dc=my,dc=edu
ldap_default_authtok = REDACTED
ldap_access_filter = uid=*
ldap_schema = rfc2307
cache_credentials = false
ldap_user_object_class = inetorgperson
ldap_id_mapping = false
ldap_user_uid_number = uid
#proxy_pam_target = sssd-shadowutils
ldap_id_use_start_tls = false
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/mydomain_my_edu_interm.cer
ldap_tls_cert = /etc/openldap/certs/mydomain_my_edu_cert.cer
ldap_tls_reqcert = never
entry_cache_timeout = 5
debug_level = 9

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = mydomain
debug_level = 9
certificate_verification = no_verification

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
pam_verbosity = 3
debug_level = 9

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9

Thanks for looking,
Jane
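
An added example, not part of the original post and not SSSD project code: a small audit of the TLS and credential settings in the posted sssd.conf, showing which options weaken trust in the LDAP server and how a corrected form compares. The function names and the harden() helper are hypothetical; the sample is a constructed subset of the posted file.

```python
import configparser

# Constructed sample: a subset of the posted sssd.conf (secret stays redacted).
POSTED_CONF = """\
[domain/mydomain]
ldap_uri = ldaps://mydomain.my.edu
ldap_default_authtok = REDACTED
ldap_tls_cacert = /etc/openldap/cacerts/mydomain_my_edu_interm.cer
ldap_tls_reqcert = never

[sssd]
domains = mydomain
certificate_verification = no_verification
"""

def audit_sssd_conf(text):
    """Return (section, option, reason) tuples for weakened trust settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        if section.startswith("domain/"):
            # sssd-ldap default is "hard"; only demand/hard reject a bad or missing cert.
            reqcert = opts.get("ldap_tls_reqcert", "hard").strip().lower()
            if reqcert not in ("demand", "hard"):
                findings.append((section, "ldap_tls_reqcert",
                                 f"'{reqcert}' does not enforce LDAP server certificate validation"))
            if "ldap_default_authtok" in opts:
                findings.append((section, "ldap_default_authtok",
                                 "bind secret stored in sssd.conf; keep the file root-only"))
        if section == "sssd":
            # certificate_verification takes a comma-separated option list.
            cv = [o.strip() for o in opts.get("certificate_verification", "").split(",")]
            if "no_verification" in cv:
                findings.append((section, "certificate_verification",
                                 "no_verification disables certificate checks"))
    return findings

def harden(text):
    """Hypothetical corrected form of the same sample, for comparison."""
    return (text.replace("ldap_tls_reqcert = never", "ldap_tls_reqcert = demand")
                .replace("certificate_verification = no_verification\n", ""))

if __name__ == "__main__":
    for finding in audit_sssd_conf(POSTED_CONF):
        print("%s / %s: %s" % finding)
```

With ldap_tls_reqcert = never, the ldaps:// connection that carries the proxy bind password and user passwords is encrypted but the server is not authenticated, so the ldap_tls_cacert entry has no effect.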
