On Wed, May 8, 2013 at 9:26 AM, Wojtak, Greg (Superfly)
<GregWojtak(a)quickenloans.com> wrote:
> I think your syntax is a little off. Try
>
> ldapsearch -x -LLL '(&(uid=test.user)(objectClass=posixAccount))' uid
> uidnumber homedirectory gidnumber loginshell
>
> You should have those 5 values returned.
>
> --
> Greg Wojtak
> Senior Unix Systems Engineer
> Office: (313) 373-4306
> Mobile: (734) 718-8472
>
> On 5/8/13 11:52 AM, "Brandon Foster" <brandon.foster(a)liferay.com> wrote:
>
>>On Wed, May 8, 2013 at 5:05 AM, Sumit Bose <sbose(a)redhat.com> wrote:
>>> On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
>>>> Hey all,
>>>> I'm back with another LDAP question. This time I rebuilt sssd and
>>>> followed this guide:
>>>>
>>>> http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration-and-troubleshooting/
>>>> for setting up LDAP authentication on my CentOS 6.4 system.
>>>>
>>>> my firewall is off and selinux is disabled.
>>>>
>>>> when I do an ldapsearch -x "cn=test.user" it returns all the correct
>>>> information, but doing id test.user returns no user.
>>>
>>> As you can see from the logs SSSD is using
>>> "(&(uid=test.user)(objectclass=posixAccount))" as search filter, can you
>>> check if ldapsearch with this filter finds the entry as well?
>>> Additionally can you check that the user object is located below the
>>> search base you have given in sssd.conf?
>>>
>>> HTH
>>>
>>> bye,
>>> Sumit
>>>>
>>>> I've attached the log files and all of the relevant files and maybe
>>>> some non relevant ones as well.
>>>>
>>>> It appears as though it is searching for the user but is simply not
>>>> finding anything. Is there an option to search for cn=test.user, and
>>>> not by uid?
>>>>
>>>> any help will be much appreciated.
>>>
>>>> _______________________________________________
>>>> sssd-users mailing list
>>>> sssd-users(a)lists.fedorahosted.org
>>>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>
>>thanks for the reply,
>>the user is definitely under the groups in sssd.conf.
>>
>>ldapsearch with objectclass=posixAccount seems to be part of the
>>issue. Also it is searching for uid rather than the cn of the user.
>>
>>if I do ldapsearch -x "uid=<UID of test.user>" it works fine
>>
>>if I do ldapsearch -x "uid=<UID of test.user>"
>>"objectclass=posixAccount" it does not.
>>
>>ldapsearch -x "uid=test.user" returns all of the users in the search.
>>
>>and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount"
>>returns no users.
>>
>>so how do I tell my sssd to not use this filter? and to use cn instead of
>>uid?
Sorry, not too familiar with the ldapsearch commands.
Anyway, test.user is not of objectclass posixAccount, so with that
filter nothing comes back. If I change it to cn= and objectclass=<an
objectclass test.user is a part of> then it just returns the DN of the
user.
ldap_user_name = cn
ldap_user_object_class =
attributes in sssd.conf seem to be altering these values for me when I
search for the id of test.user.
But it can't seem to find uid, uidnumber, homedirectory, gidnumber or
loginshell attributes for my users.

It looks like you are using a custom LDAP schema. You can map the
default attributes for home directory etc. to other values with
ldap_user_home_directory
ldap_user_uid_number
ldap_user_gid_number
ldap_user_shell
respectively, see man sssd-ldap for more details, e.g. how to map group
attributes.
HTH
bye,
Sumit
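
A small check of the attribute mapping discussed in this thread, as an added example that is not part of the original messages: it applies the filter shape shown in the SSSD log to one LDIF entry and lists the ldap_user_* options whose mapped attribute is missing from it. The sample entry and the `example*` attribute names are constructed; the defaults are the rfc2307 ones documented in man sssd-ldap.

```python
# Added example: constructed entry and hypothetical attribute names.
DEFAULTS = {  # sssd-ldap defaults (rfc2307 schema)
    "ldap_user_object_class": "posixAccount",
    "ldap_user_name": "uid",
    "ldap_user_uid_number": "uidNumber",
    "ldap_user_gid_number": "gidNumber",
    "ldap_user_home_directory": "homeDirectory",
    "ldap_user_shell": "loginShell",
}
POSIX_OPTS = ("ldap_user_uid_number", "ldap_user_gid_number",
              "ldap_user_home_directory", "ldap_user_shell")

# Constructed ldapsearch -LLL output for a user in a custom schema.
SAMPLE_LDIF = """\
dn: cn=test.user,ou=people,dc=example,dc=com
objectClass: top
objectClass: exampleUser
cn: test.user
uid: 10042
exampleGid: 10042
exampleHome: /home/test.user
exampleShell: /bin/bash
"""

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry into {lowercased attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        attr, sep, value = line.partition(": ")
        if sep:
            entry.setdefault(attr.lower(), []).append(value)
    return entry

def check_user(entry, login, overrides=None):
    """Report whether SSSD's user filter matches and which mappings fail."""
    opts = {**DEFAULTS, **(overrides or {})}
    name_attr, oc = opts["ldap_user_name"], opts["ldap_user_object_class"]
    names = [v.lower() for v in entry.get(name_attr.lower(), [])]
    classes = [v.lower() for v in entry.get("objectclass", [])]
    return {
        "filter": f"(&({name_attr}={login})(objectclass={oc}))",
        "filter_matches": login.lower() in names and oc.lower() in classes,
        # Options whose mapped attribute is absent from the entry.
        "unresolved": [o for o in POSIX_OPTS if opts[o].lower() not in entry],
    }

if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    print(check_user(entry, "test.user"))
```

Passing only `ldap_user_name` and `ldap_user_object_class` as overrides makes the filter match while all four POSIX options stay unresolved, which is the state described in the last message before the mapping options are set.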