Hi, I am having a problem with a new dirsrv setup, getting a Linux client to authenticate with LDAP. I have done all the usual things to troubleshoot; if anyone has seen this or knows what can be done, I would sure appreciate any help. Here's what I'm noticing:
- I need to have the bind_dn of Directory Manager specified to look up almost anything in LDAP, not sure why this is?
- sssd can find a sample user I created but still there seems to be a problem, it looks like PAM but I did use authselect to use the sss profile:

$ ldapsearch -x -LLL -D "cn=Directory Manager" -W -b ou=people,o=solarflow -H ldap://dev2.local '(uid=john)' cn gidNumber userPassword
Enter LDAP Password:
dn: uid=john,ou=people,o=solarflow
cn: John Smith
gidNumber: 10001
userPassword:: e1BCS0RGMixxxxxxx...xxx==

$ sssctl domain-status ldap
Online status: Online

Active servers:
LDAP: dev2.local

Discovered LDAP servers:
- dev2.local

localhost ~ $ sssctl user-checks john
user: john
action: acct
service: system-auth

sss_getpwnam_r failed with [0].
User name lookup with [john] failed.
SSSD InfoPipe user lookup result:
 - name: john
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: John Smith
 - homeDirectory: /home/john
 - loginShell: /bin/bash

testing pam_acct_mgmt

pam_acct_mgmt: User not known to the underlying authentication module

PAM Environment:
 - no env -

localhost ~ $ getent passwd john
localhost ~ $ id john
id: ‘john’: no such user

$ authselect current
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-pamaccess
- with-sudo

Here is my sssd.conf:

[sssd]
config_file_version = 2
domains = LDAP
#services=pam
debug_level = 6

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
#chpass_provider = ldap
ldap_uri = ldap://dev2.local
ldap_search_base = o=solarflow
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = my_secret_password
cache_credentials = True
debug_level = 6

389-users@lists.fedoraproject.org