On Tue, Jul 3, 2018 at 11:45 PM Sumit Bose <sbose(a)redhat.com> wrote:
On Thu, Jun 28, 2018 at 07:46:29PM -0700, Peter Moody wrote:
> are there any logs I can provide to help anyone figure out why this is
> happening? I've (re-)confirmed that this behavior is present in 1.16.1
Can you send your sssd.conf for a start?
Thanks!
pjm@deb:~$ sudo cat /etc/sssd/sssd.conf
# NSS responder settings.
[nss]
# Hexadecimal bitmask form of debug_level; see sssd.conf(5) for the meaning of each bit.
# NOTE(review): verbose debug logs can record user names and lookup details - keep
# SSSD's log directory restricted and lower the level again after troubleshooting.
debug_level = 0x06f0
# root is excluded from SSSD lookups, so it is always resolved from local files.
filter_groups = root
filter_users = root
reconnection_retries = 3
# NOTE(review): sssd.conf(5) documents use_fully_qualified_names as a domain-section
# option - confirm it has any effect in [nss].
use_fully_qualified_names = true
# PAM responder settings.
[pam]
# Hexadecimal bitmask; sets the 0x4000 bit in addition to the 0x06f0 used for [nss].
# NOTE(review): PAM-side debug logs describe authentication attempts - treat them as
# sensitive and confirm what this level records before sharing them.
debug_level = 0x46f0
reconnection_retries = 3
# Monitor settings: which responders run and which domains are active.
[sssd]
debug_level = 0x06f0
config_file_version = 2
reconnection_retries = 3
# Responders started by the monitor.
services = nss, pam
# NOTE(review): written here as X.COM while the domain section is named domain/x.com -
# confirm SSSD matches the two names regardless of case.
domains = X.COM
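# NOTE(review): the section header and the ldap_uri value were split across lines in
# the archived copy of this message; they are rejoined here and no value is changed.
[domain/x.com]
# Hexadecimal bitmask form of debug_level; see sssd.conf(5) for the meaning of each bit.
debug_level = 0x46f0
override_shell = /bin/bash
ignore_group_members = true
ldap_referrals = false
enumerate = false
# Keeps a hash of each user's credentials in the local cache so logins work offline;
# protect the cache like any other credential store.
cache_credentials = true
# Identity, access control and authentication all come from the same LDAP directory.
id_provider = ldap
access_provider = ldap
auth_provider = ldap
# NOTE(review): ldaps:// already negotiates TLS at connect time, so
# ldap_id_use_start_tls = true further down looks redundant - confirm which is intended.
ldap_uri = ldaps://ldap.x.com
ldap_search_base = dc=x,dc=com
# The server certificate is required and checked against this CA bundle.
ldap_tls_cacert = /etc/ldap/ca.pem
ldap_tls_reqcert = demand
ldap_id_use_start_tls = true
dns_discovery_domain = x.com
ldap_schema = rfc2307
# Only account expiration is evaluated for access control. No ldap_access_filter is
# set in this file, so every account that passes the expire check may log in.
ldap_access_order = expire
# NOTE(review): the 'ad' policy reads Active Directory account attributes. With an
# rfc2307 / inetOrgPerson directory those may be absent; sssd-ldap(5) should be checked
# for how a missing attribute is treated (it may grant access) - verify.
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_search_base = ou=people,dc=x,dc=com
ldap_group_search_base = ou=groups,dc=x,dc=com
ldap_user_object_class = inetOrgPerson
ldap_user_home_directory = homeDirectory
ldap_group_object_class = posixGroup
# ldap_group_name = cn
#Bind credentials
# The bind password is stored in this file (redacted as <...> in the post). SSSD expects
# /etc/sssd/sssd.conf to be owned by root with mode 0600. Use a bind account limited to
# read-only lookups. ldap_default_authtok_type = obfuscated_password only hides the
# value from casual viewing; it is not encryption.
ldap_default_bind_dn = <...>
ldap_default_authtok = <...>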
pjm@deb:~$