On Fri, Aug 09, 2019 at 08:33:43PM -0000, Jane Eason wrote: > Our LDAP does not include the POSIX schema, so we made a couple of entries in > sssd.conf to attempt to work around that. > > Here is our complete (slightly redacted) sssd.conf: > > [domain/mydomain] > id_provider = ldap > auth_provider = ldap > access_provider = ldap > ldap_uri = ldaps://mydomain.my.edu > ldap_search_base = ou=people,ou=primary,ou=eid,dc=my,dc=edu > ldap_default_bind_dn = cn=my-proxy,ou=proxies,dc=my,dc=edu > ldap_default_authtok = REDACTED > ldap_access_filter = uid=* > ldap_schema = rfc2307 > cache_credentials = false > ldap_user_object_class = inetorgperson > ldap_id_mapping = false > ldap_user_uid_number = uid
Are you sure your user ID are stored in the uid attribute? Because in the earlier log snippet, sdap_save_user was complaining about missing UID: (Thu Aug 8 16:45:53 2019) [sssd[be[mydomain]]] [sdap_save_user] (0x0020): Cannot retrieve UID for [myuser@mydomain] in domain [mydomain] (Thu Aug 8 16:45:53 2019) [sssd[be[mydomain]]] [sdap_save_user] (0x0020): Failed to save user [myuser@mydomain] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
