> If I perform a manual ldapsearch ... using the parameters
the "ldap_search_ext" call ... it works just fine. I've checked in the
logs and I see that it marks the connection to the domain controller as
"working" ... so, I'm not sure why sssd complains that a successful bind
must be completed... that seems to have happened already...
> I'm running sssd version 1.11.7 ...
> Any ideas, folks?
Interesting, it looks like the LDAP bind was not attempted at all.
You're running a version that is not so new, does adding:
ldap_default_authtok_type = password explicitly to sssd.conf work?
Sadly, adding that didn't help...
And a bit unrelated, but do you really need to use
would personally suggest to use auth_provider=krb5, like this:
auth_provider = krb5
krb5_server = kdc.example.com
krb5_realm = EXAMPLE.COM
I can definitely make it work with kerberos... and have already proven that. The id
source is AD ... and my Linux user base would like to try to avoid integration with AD as
much as possible... so I was trying to find them a pure LDAP solution.
Actually... I lied about the version... I'm using 1.13.3 on CentOS 6.8 ... if that
makes any difference.