I think your syntax is a little off. Try
ldapsearch -x -LLL '(&(uid=test.user)(objectClass=posixAccount))' uid
uidnumber homedirectory gidnumber loginshell
You should have those 5 values returned.
--
Greg Wojtak
Senior Unix Systems Engineer
Office: (313) 373-4306
Mobile: (734) 718-8472
On 5/8/13 11:52 AM, "Brandon Foster" <brandon.foster(a)liferay.com> wrote:
On Wed, May 8, 2013 at 5:05 AM, Sumit Bose <sbose(a)redhat.com>
wrote:
> On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
>> Hey all,
>> Im back with another ldap question. this time I rebuilt sssd and
>> followed this guide:
>>
>>http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuratio
>>n-and-troubleshooting/
>> for setting up ldap authentication on my centos 6.4 system.
>>
>> my firewall is off and selinux is disabled.
>>
>> when i do an ldapsearch -x "cn=test.user" it returns all the correct
>> information, but doing id test.user returns no user.
>
> As you can see from the logs SSSD is using
> "(&(uid=test.user)(objectclass=posixAccount))" as search filter, can
you
> check if ldapsearch with this filter finds the entry as well?
> Additionally can you check that the user object is located below the
> search base you have given in sssd.conf?
>
> HTH
>
> bye,
> Sumit
>>
>> I've attached the log files and all of the relevant files and maybe
>> some non relevant ones as well.
>>
>> it appears as tho it is searching for the user but is simply not
>> finding anything. Is there an option to search for cn=test.user? and
>> not by uid?
>>
>> any help will be much appreciated.
>
>
>
>
>
>
>
>
>
>> _______________________________________________
>> sssd-users mailing list
>> sssd-users(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
thanks for the reply,
the user is definitely under the groups in sssd.conf.
ldapsearch with objectclass=posixAccount seems to be part of the
issue. Also it is searching for uid rather than the cn of the user.
if I do ldapsearch -x "uid=<UID of test.user> it works fine
if i do ldapsearch -x "uid=<UID of test.user>"
"objectclass=posixAccount" it does not.
ldapsearch -x "uid=test.user" returns all of the users in the search.
and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount"
returns no users.
so how do I tell my sssd to not use this filter? and to use cn instead of
uid?
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users