On Fri, Aug 09, 2019 at 08:33:43PM -0000, Jane Eason wrote:
> Our LDAP does not include the POSIX schema, so we made a couple of entries in
> sssd.conf to attempt to work around that.
>
> Here is our complete (slightly redacted) sssd.conf:
>
> [domain/mydomain]
> id_provider = ldap
> auth_provider = ldap
> access_provider = ldap
> ldap_uri = ldaps://mydomain.my.edu
> ldap_search_base = ou=people,ou=primary,ou=eid,dc=my,dc=edu
> ldap_default_bind_dn = cn=my-proxy,ou=proxies,dc=my,dc=edu
> ldap_default_authtok = REDACTED
> ldap_access_filter = uid=*
> ldap_schema = rfc2307
> cache_credentials = false
> ldap_user_object_class = inetorgperson
> ldap_id_mapping = false
> ldap_user_uid_number = uid

Hi,

according to the logs you have sent the uid attribute already is used for the
user name (uid=myuser) so it cannot be the numerical POSIX UID at the same
time. Please check if the attribute with the UID has a different name.

HTH

bye,
Sumit

> #proxy_pam_target = sssd-shadowutils
> ldap_id_use_start_tls = false
> ldap_tls_cacertdir = /etc/openldap/cacerts
> ldap_tls_cacert = /etc/openldap/cacerts/mydomain_my_edu_interm.cer
> ldap_tls_cert = /etc/openldap/certs/mydomain_my_edu_cert.cer
> ldap_tls_reqcert = never
> entry_cache_timeout = 5
> debug_level = 9
>
>
> [sssd]
> config_file_version = 2
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = mydomain
> debug_level = 9
> certificate_verification = no_verification
>
> [pam]
> reconnection_retries = 3
> offline_credentials_expiration = 2
> offline_failed_login_attempts = 3
> offline_failed_login_delay = 5
> pam_verbosity = 3
> debug_level = 9
>
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
> debug_level = 9
>
> Thanks for looking,
>
> Jane
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
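
Added example (not part of the original thread and not SSSD code): a Python check for the conflict described in the reply, run against the ID-related lines of the quoted sssd.conf and a constructed LDAP entry. The function name `check_id_maps` and the entry's values are assumptions; the defaults are the ones documented in sssd-ldap(5) for the rfc2307 schema.

```python
import configparser

# Constructed sample: the ID-related lines of the sssd.conf quoted in this thread.
SAMPLE_CONF = """\
[domain/mydomain]
id_provider = ldap
ldap_schema = rfc2307
ldap_user_object_class = inetorgperson
ldap_id_mapping = false
ldap_user_uid_number = uid
"""

# Constructed LDAP entry (attribute -> values) for a directory without POSIX attributes.
SAMPLE_ENTRY = {"uid": ["myuser"], "cn": ["My User"], "objectClass": ["inetOrgPerson"]}

# SSSD defaults for ldap_schema = rfc2307, as documented in sssd-ldap(5).
DEFAULTS = {
    "ldap_user_name": "uid",
    "ldap_user_uid_number": "uidNumber",
    "ldap_user_gid_number": "gidNumber",
}


def check_id_maps(conf_text, domain, entry):
    """Return (option, problem) pairs for ID attribute maps that cannot work."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    section = parser["domain/" + domain]
    # With ID mapping enabled SSSD derives IDs from the objectSID and ignores these maps.
    if section.get("ldap_id_mapping", fallback="false").strip().lower() == "true":
        return []
    maps = {opt: section.get(opt, fallback=default) for opt, default in DEFAULTS.items()}
    # LDAP attribute names are case-insensitive.
    values = {name.lower(): vals for name, vals in entry.items()}
    name_attr = maps["ldap_user_name"].lower()
    findings = []
    for opt in ("ldap_user_uid_number", "ldap_user_gid_number"):
        attr = maps[opt].lower()
        if attr == name_attr:
            findings.append((opt, "same-as-name"))
        found = values.get(attr)
        if not found:
            findings.append((opt, "missing"))
        elif not (found[0].isascii() and found[0].isdigit()):
            findings.append((opt, "non-numeric"))
    return findings


if __name__ == "__main__":
    for option, problem in check_id_maps(SAMPLE_CONF, "mydomain", SAMPLE_ENTRY):
        print(f"{option}: {problem}")
```

The same check also reports that no GID attribute is present in the entry, since `ldap_user_gid_number` is left at its default.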