On Wed, May 8, 2013 at 5:05 AM, Sumit Bose <sbose(a)redhat.com> wrote:
On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
> Hey all,
> Im back with another ldap question. this time I rebuilt sssd and
> followed this guide:
>
http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration...
> for setting up ldap authentication on my centos 6.4 system.
>
> my firewall is off and selinux is disabled.
>
> when i do an ldapsearch -x "cn=test.user" it returns all the correct
> information, but doing id test.user returns no user.
As you can see from the logs SSSD is using
"(&(uid=test.user)(objectclass=posixAccount))" as search filter, can you
check if ldapsearch with this filter finds the entry as well?
Additionally can you check that the user object is located below the
search base you have given in sssd.conf?
HTH
bye,
Sumit
>
> I've attached the log files and all of the relevant files and maybe
> some non relevant ones as well.
>
> it appears as tho it is searching for the user but is simply not
> finding anything. Is there an option to search for cn=test.user? and
> not by uid?
>
> any help will be much appreciated.
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
thanks for the reply,
the user is definitely under the groups in sssd.conf.
ldapsearch with objectclass=posixAccount seems to be part of the
issue. Also it is searching for uid rather than the cn of the user.
if I do ldapsearch -x "uid=<UID of test.user> it works fine
if i do ldapsearch -x "uid=<UID of test.user>"
"objectclass=posixAccount" it does not.
ldapsearch -x "uid=test.user" returns all of the users in the search.
and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount"
returns no users.
so how do I tell my sssd to not use this filter? and to use cn instead of uid?