Lukas,

Below is a log excerpt from a failed authentication. It looks like sssd tries to bind to
the ldap server with the given username, which fails. I'll ask my ldap admin, but I
think the openldap server is set up to transfer shadow data over tls without the need for
a username/password to bind. I thought the bind user/password was an AD thing. I'm
sure I never needed a bind user when authenticating to this server with nslcd.

Thanks again.

START TLS result: Success(0), (null)
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port
389 of server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [set_server_common_status] (0x0100):
Marking server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [fo_set_port_status] (0x0400): Marking port
389 of duplicate server 'ldap.edu' as 'working'
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x806606f20
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x806606fe0
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Running timer event
0x806606f20 "ltdb_callback"
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Destroying timer event
0x806606fe0 "ltdb_timeout"
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [ldb] (0x4000): Ending timer event
0x806606f20 "ltdb_callback"
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [find_password_expiration_attributes]
(0x4000): No password policy requested.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing
simple bind as: uid=myuser,ou=People,o=ENGR
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x2000): ldap simple
bind sent, msgid = 2
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace:
sh[0x806613740], connected[1], ops[0x8066064a0], ldap[0x806417940]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace:
sh[0x806613740], connected[1], ops[0x8066064a0], ldap[0x806417940]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_BIND]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x1000): Server
returned no controls.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x0400): Bind result:
Invalid credentials(49), no errmsg set
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [sdap_handle_release] (0x2000): Trace:
sh[0x806613740], connected[1], ops[0x0], ldap[0x806417940], destructor_lock[0],
release_memory[0]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [remove_connection_callback] (0x4000):
Successfully removed connection callback.
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Backend
returned: (0, 9, <NULL>) [Success]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Sending
result [9][default]
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Sent
result [9][default]
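
Added example, not part of the original message or of sssd itself: a Python sketch for triaging a domain log like the excerpt above. It rejoins the hard-wrapped lines, then pairs each simple_bind_send DN with the next simple_bind_done result. The sample input is constructed in the same format; the function names are hypothetical, and the pairing assumes one bind in flight at a time.

```python
import re
from collections import Counter

# Constructed sample, hard-wrapped the same way as the excerpt above.
SAMPLE = """\
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing
simple bind as: uid=myuser,ou=People,o=ENGR
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_send] (0x2000): ldap simple
bind sent, msgid = 2
(Thu Aug 25 12:44:05 2016) [sssd[be[default]]] [simple_bind_done] (0x0400): Bind result:
Invalid credentials(49), no errmsg set
(Thu Aug 25 12:44:09 2016) [sssd[be[default]]] [simple_bind_send] (0x0100): Executing
simple bind as: uid=other,ou=People,o=ENGR
(Thu Aug 25 12:44:09 2016) [sssd[be[default]]] [simple_bind_done] (0x0400): Bind result:
Success(0), no errmsg set
"""

# A record starts with a timestamp; anything else is a wrapped continuation.
START = re.compile(r"^\(\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}\) \[sssd")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\S*\] \[(?P<func>\w+)\] "
                    r"\(0x[0-9a-f]+\): (?P<msg>.*)$")
BIND_AS = re.compile(r"Executing simple bind as: (?P<dn>.+)$")
BIND_RES = re.compile(r"Bind result: (?P<text>.+?)\((?P<code>\d+)\)")

def unwrap(text):
    """Rejoin records that were split across lines."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def bind_attempts(text):
    """Return one dict per completed simple bind: timestamp, DN, LDAP result."""
    attempts, pending = [], None
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue  # e.g. an orphaned continuation at the top of an excerpt
        if m["func"] == "simple_bind_send" and (b := BIND_AS.search(m["msg"])):
            pending = (m["ts"], b["dn"])
        elif m["func"] == "simple_bind_done" and pending and (r := BIND_RES.search(m["msg"])):
            attempts.append({"ts": pending[0], "dn": pending[1],
                             "code": int(r["code"]), "result": r["text"]})
            pending = None
    return attempts

def failed_binds(text):
    # LDAP result code 49 is invalidCredentials (RFC 4511).
    return Counter(a["dn"] for a in bind_attempts(text) if a["code"] == 49)
```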