On Wed, Dec 18, 2013 at 04:25:22PM -0500, Jason Voorhees wrote:
Hi, this is my first post to this group; I hope someone can help me.
I'm interested in setting up ID mapping and authentication from an LDAP server
on a CentOS 6.5 box.
The LDAP server (running IBM TDS afaik) is managed by a third-party
provider, so I can only make queries, not modifications.
I noted that there's no posixAccount objectClass in LDAP users, so I
wonder: how can I integrate those users using SSSD? This is an example
of my domain:
[domain/custom.domain.com]
id_provider = ldap
auth_providers = ldap
chpass_provider = ldap
ldap_uri = ldaps://directory.domain.com
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
#ldap_search_base = ""
ldap_id_use_start_tls = true
cache_credentials = false
enumerate = false
use_fully_qualified_names = false
#ldap_user_name = notesShortName
As you can see, I tried to use "ldap_user_name" but without luck. I'm
concerned about entries that don't exist on the LDAP server like
homeDirectory or loginShell. Can SSSD deal with those attributes not
present?
I'd like to use just the credentials (user authentication) from the LDAP
server to get my users logged in to my Linux box.
I hope someone understands this scenario and is able to help me.
Thanks in advance.
Hi Jason,
I think we need a little more information. Can you post a result of an
ldapsearch of a sample user (feel free to rename and obfuscate the
entry).
In general, the posixAccount objectclass is not a hard requirement, but
at present, the users must either have a unique numeric ID or have a
windows SID to map the ID from.
Shell and home directory can be overridden on the client as well as
primary GID number. The user ID, however, must either be present or
mapped.
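
An sssd.conf sketch of the approach described in the reply above, added here as an illustration and not part of the original thread: the user ID is read from a directory attribute, while home directory, shell and primary GID are supplied on the client. The search base, `inetOrgPerson`, `employeeNumber` and the GID value are assumptions to be replaced with what an ldapsearch of a real entry shows; check each option against sssd.conf(5) and sssd-ldap(5) for the installed version.

```ini
# Added example, not the poster's configuration. Comments are on their own
# lines because sssd.conf treats trailing text as part of the value.

[nss]
# Used only when the LDAP entry carries no homeDirectory / loginShell.
fallback_homedir = /home/%u
default_shell = /bin/bash

[domain/custom.domain.com]
id_provider = ldap
# The option name is singular: auth_provider.
auth_provider = ldap
chpass_provider = ldap

# ldaps:// already wraps the whole session in TLS, so StartTLS is not needed.
ldap_uri = ldaps://directory.domain.com
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
# Refuse to talk to a server whose certificate does not validate.
ldap_tls_reqcert = demand

# Placeholder search base; use the provider's real naming context.
ldap_search_base = dc=example,dc=com

# Assumed object class for entries that lack posixAccount.
ldap_user_object_class = inetOrgPerson
# Login name attribute, as tried in the original post.
ldap_user_name = notesShortName
# Assumed attribute: any single-valued attribute holding a unique integer
# per user can serve as the UID source. Without one (or a Windows SID),
# SSSD has nothing to derive the user ID from.
ldap_user_uid_number = employeeNumber

# Primary GID set on the client for every user of this domain
# (constructed value; pick a group that exists locally).
override_gid = 100

cache_credentials = false
enumerate = false
use_fully_qualified_names = false
```

After changing the file, restart sssd and confirm the mapping with `getent passwd <login>` and `id <login>` before testing a login.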