On (14/10/16 02:26), liujitao79(a)gmail.com wrote:
Hi, all
#### user op01
ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b uid=op01,ou=people,dc=suntv,dc=tv
Here you are using the manager account for the LDAP search: "cn=manager,dc=suntv,dc=tv"
Enter LDAP Password:
```
# extended LDIF
#
# LDAPv3
# base <uid=op01,ou=people,dc=suntv,dc=tv> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# op01, people, suntv.tv
dn: uid=op01,ou=people,dc=suntv,dc=tv
uid: op01
cn: op01
sn: op01
objectClass: hostObject
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
userPassword:: MTIzNDU2
shadowLastChange: 17085
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 2001
homeDirectory: /home/op01
labeledURI: ldaps:///ou=op,ou=host,dc=suntv,dc=tv?host
# Dynamic Lists of the opneldap
host: 192.168.1.21
# generated Dynamic Lists of the opneldap
host: 192.168.1.22
# generated Dynamic Lists of the opneldap
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
#### sssd.conf
```
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
......
ldap_search_base = dc=suntv,dc=tv
ldap_user_search_base = ou=people,dc=suntv,dc=tv
ldap_group_search_base = ou=group,dc=suntv,dc=tv
......
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(host=all)(host=192.168.1.21))
```
But I cannot see it here. It might be caused by unnecessary obfuscation of
sssd.conf. So sssd used anonymous search.
@see man sssd-ldap
-> ldap_default_bind_dn
-> ldap_default_authtok_type
-> ldap_default_authtok
LS
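
The check suggested in the reply above, as an added example that is not part of the original thread: a small Python lint that reads an sssd.conf and reports LDAP domains with no bind identity, along with the attributes the access filter would then need to read anonymously. The `[domain/example]` section name and the PLACEHOLDER values are constructed; the option names are those listed in the reply, plus `ldap_sasl_mech` from sssd-ldap.

```python
import configparser
import re

# Constructed sample: options from the post placed in a hypothetical
# [domain/example] section (the post does not show the section name).
SAMPLE_ANON = """\
[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_search_base = dc=suntv,dc=tv
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(host=all)(host=192.168.1.21))
"""
# Same domain with the bind options named in the reply (placeholder values).
SAMPLE_BOUND = SAMPLE_ANON + """\
ldap_default_bind_dn = cn=PLACEHOLDER,dc=suntv,dc=tv
ldap_default_authtok_type = password
ldap_default_authtok = PLACEHOLDER
"""

# Attribute names used in simple LDAP filter items such as (host=all).
ATTR_RE = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9;-]*)\s*[~<>]?=")

def check_bind_identity(conf_text):
    """Return {section: [findings]} for LDAP domains lacking a bind identity."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        opts = cp[section]
        if not section.startswith("domain/") or opts.get("id_provider") != "ldap":
            continue
        findings = []
        bind_dn = opts.get("ldap_default_bind_dn", "")
        sasl = opts.get("ldap_sasl_mech", "")
        if not bind_dn and not sasl:
            findings.append("ldap_default_bind_dn unset: searches are anonymous")
            attrs = sorted(set(ATTR_RE.findall(opts.get("ldap_access_filter", ""))))
            if opts.get("access_provider") == "ldap" and attrs:
                findings.append("ldap_access_filter needs anonymous read of: " + ", ".join(attrs))
        elif bind_dn and not opts.get("ldap_default_authtok", ""):
            findings.append("ldap_default_bind_dn set but ldap_default_authtok missing")
        if findings:
            report[section] = findings
    return report

if __name__ == "__main__":
    for name, text in (("anonymous", SAMPLE_ANON), ("bound", SAMPLE_BOUND)):
        print(name, check_bind_identity(text))
```

Elided lines such as `......` must be removed from a real file before parsing, since they are not valid option lines.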