If you take a look at the listing of the user section I posted, you'll
see 2nd to the last line:
...
sn = Brown
uid = abrown
userPrincipalName = abrown(a)example.com
As to your 2nd statement, I'm using OpenLDAP in conjunction with AD and
using OpenLDAP proxy to AD,
thereby needing in sssd to have access_provider = ldap
------ Original Message ------
From: "John Hodrien" <J.H.Hodrien(a)leeds.ac.uk>
To: "Sterling Sahaydak" <sterling.sahaydak(a)pi-coral.com>; "End-user
discussions about the System Security Services Daemon"
<sssd-users(a)lists.fedorahosted.org>
Sent: 4/9/2015 4:13:00 AM
Subject: Re: [SSSD-users] sssd - CentOS to Active Directory - no errmsg
set and returning 0 results
On Wed, 8 Apr 2015, Sterling Sahaydak wrote:
>***but the underlying issue is can't seem to get users to authenticate
>nor retrieve group information.
>ldap_search_ext called, msgid = 8
>Search result: No such object(32), no errmsg set
>Search for users, returned 0 results.
>Failed to retrieve users
Am I reading this right? You've got a user configured with no explicit
UID,
and then you're avoiding using the AD provider (with the id mapping)
and just
use LDAP. LDAP that's going to want to know the UID of the user, but
can't
because no attribute defines it.
I think you need a really good reason to avoid using the AD provider.
That
also means you need a really good reason to not configure kerberos. Why
would
you want to not use kerberos?
jh