[SSSD-users] Re: Problem getting sssd to work with LDAP authentication

Mon, 12 Aug 2019 07:11:52 -0700 

[(&(uid=myuser)(objectclass=inetorgperson)(&(uid=*)(!(uid=0))))][ou=people,ou=primary,ou=eid,dc=my,dc=edu].
what does an ldapsearch with objectclass=inetorgperson uid=\* return? and do 
you also have a uidnumber attribute? 



> On August 12, 2019 at 12:55 AM Jakub Hrozek <[email protected]> wrote:
> 
> 
> On Fri, Aug 09, 2019 at 08:33:43PM -0000, Jane Eason wrote:
> > Our LDAP does not include the POSIX schema, so we made a couple of entries 
> > in sssd.conf to attempt to work around that.
> > 
> > Here is our complete (slightly redacted) sssd.conf:
> > 
> > [domain/mydomain]
> > id_provider = ldap
> > auth_provider = ldap
> > access_provider = ldap
> > ldap_uri = ldaps://mydomain.my.edu
> > ldap_search_base = ou=people,ou=primary,ou=eid,dc=my,dc=edu
> > ldap_default_bind_dn = cn=my-proxy,ou=proxies,dc=my,dc=edu
> > ldap_default_authtok = REDACTED
> > ldap_access_filter = uid=*
> > ldap_schema = rfc2307
> > cache_credentials = false
> > ldap_user_object_class = inetorgperson
> > ldap_id_mapping = false
> > ldap_user_uid_number = uid
> 
> Are you sure your user ID are stored in the uid attribute? Because in
> the earlier log snippet, sdap_save_user was complaining about missing
> UID:
> 
> (Thu Aug  8 16:45:53 2019) [sssd[be[mydomain]]] [sdap_save_user] (0x0020): 
> Cannot retrieve UID for [myuser@mydomain] in domain [mydomain]
> (Thu Aug  8 16:45:53 2019) [sssd[be[mydomain]]] [sdap_save_user] (0x0020): 
> Failed to save user [myuser@mydomain]
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to