Hi folks,
Trying to set up autofs in sssd. It doesn't appear that sssd likes my basedn, one that I use on Solaris just fine. In my sssd_default.log I see:
sssd_default.log:(Tue Sep 10 23:59:59 2013) [sssd[be[default]]] [common_parse_search_base] (0x0020): Invalid base DN ["o=nycornell.org"]
I'm running RHEL 6.4. sssd-1.9.2-82.7 libsss_autofs-1.9.2-82.7
User authentication with sss/ldap works just fine.
Any suggestions? Changing my basedn will be impossible.
On 09/11/2013 07:04 AM, Dale Harris wrote:
> Hi folks,
> Trying to set up autofs in sssd. It doesn't appear that sssd likes my basedn, one that I use on Solaris just fine. In my sssd_default.log I see:
> sssd_default.log:(Tue Sep 10 23:59:59 2013) [sssd[be[default]]] [common_parse_search_base] (0x0020): Invalid base DN ["o=nycornell.org"]
> I'm running RHEL 6.4. sssd-1.9.2-82.7 libsss_autofs-1.9.2-82.7
> User authentication with sss/ldap works just fine.
> Any suggestions? Changing my basedn will be impossible.
Hi Dale,
BaseDN shouldn't contain a dot character, could you please post your sssd.conf file? Sanitized, if needed. Also, is the version of SSSD you run the same on both machines?
Ondra
On Wed, Sep 11, 2013 at 10:47:35AM +0200, Ondrej Kos wrote:
> On 09/11/2013 07:04 AM, Dale Harris wrote:
> > Hi folks,
> > Trying to set up autofs in sssd. It doesn't appear that sssd likes my basedn, one that I use on Solaris just fine. In my sssd_default.log I see:
> > sssd_default.log:(Tue Sep 10 23:59:59 2013) [sssd[be[default]]] [common_parse_search_base] (0x0020): Invalid base DN ["o=nycornell.org"]
> > I'm running RHEL 6.4. sssd-1.9.2-82.7 libsss_autofs-1.9.2-82.7
> > User authentication with sss/ldap works just fine.
> > Any suggestions? Changing my basedn will be impossible.
> Hi Dale,
> BaseDN shouldn't contain a dot character, could you please post your sssd.conf file? Sanitized, if needed. Also, is the version of SSSD you run the same on both machines?
I was able to set that search base just fine:
# grep search_base /etc/sssd/sssd.conf
ldap_autofs_search_base = o=nycornell.org
Then the debug logs appear to parse it as well:
(Wed Sep 11 11:52:24 2013) [sssd[be[ipatest.example.com]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][o=nycornell.org][SUBTREE][]
The sssd.conf would be welcome.
On Wed, Sep 11, 2013 at 4:47 AM, Ondrej Kos okos@redhat.com wrote:
> Hi Dale,
> BaseDN shouldn't contain a dot character, could you please post your sssd.conf file? Sanitized, if needed. Also, is the version of SSSD you run the same on both machines?
I have sssd running on a few RHEL 6 servers, it's just used for user authentication, works fine. I'm just trying to add autofs support to it now to NFS home directories.
The LDAP server is SunOne Java LDAP server. I don't remember the version. It's been running for years. I don't know if I agree that a period, perhaps it shouldn't have a period, but it seems to be allowed by RFC 2253, as far as I can tell. This configuration has been part of our infrastructure for a very long time. Might not be the smartest, or most conventional setup, but it has worked.
So here's what I have in sssd.conf currently, and it doesn't work. It appears this should work in our current environment. There isn't anything too special about our setup:
[domain/default]
cache_credentials = True
ldap_search_base = ou=people,o=nycornell.org
id_provider = ldap
ldap_id_use_start_tls = False
ldap_uri = ldaps://mds.med.cornell.edu/
ldap_tls_reqcert = never
ldap_default_bind_dn = cn=adminuser,ou=profile,o=nycornell.org
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = XXXXXX
access_provider = ldap
ldap_access_filter = (|(host=allunix)(host=redhat))
ldap_autofs_search_base="o=nycornell.org"
ldap_autofs_map_object_class="automountMap"
ldap_autofs_entry_object_class="automount"
ldap_autofs_map_name="automountMapName"
ldap_autofs_entry_key="automountKey"
ldap_autofs_entry_value="automountInformation"
debug_level=0xFFF0
[sssd]
services = nss,pam,autofs
config_file_version = 2
debug_level=0xFFF0
domains = default
On Wed, Sep 11, 2013 at 09:24:08AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 4:47 AM, Ondrej Kos okos@redhat.com wrote:
> > Hi Dale,
> > BaseDN shouldn't contain a dot character, could you please post your sssd.conf file? Sanitized, if needed. Also, is the version of SSSD you run the same on both machines?
> I have sssd running on a few RHEL 6 servers, it's just used for user authentication, works fine. I'm just trying to add autofs support to it now to NFS home directories.
> The LDAP server is SunOne Java LDAP server. I don't remember the version. It's been running for years. I don't know if I agree that a period, perhaps it shouldn't have a period, but it seems to be allowed by RFC 2253, as far as I can tell. This configuration has been part of our infrastructure for a very long time. Might not be the smartest, or most conventional setup, but it has worked.
> So here's what I have in sssd.conf currently, and it doesn't work. It appears this should work in our current environment. There isn't anything too special about our setup:
> [domain/default]
> cache_credentials = True
> ldap_search_base = ou=people,o=nycornell.org
> id_provider = ldap
> ldap_id_use_start_tls = False
> ldap_uri = ldaps://mds.med.cornell.edu/
> ldap_tls_reqcert = never
> ldap_default_bind_dn = cn=adminuser,ou=profile,o=nycornell.org
> ldap_default_authtok_type = obfuscated_password
> ldap_default_authtok = XXXXXX
> access_provider = ldap
> ldap_access_filter = (|(host=allunix)(host=redhat))
> ldap_autofs_search_base="o=nycornell.org"
> ldap_autofs_map_object_class="automountMap"
> ldap_autofs_entry_object_class="automount"
> ldap_autofs_map_name="automountMapName"
> ldap_autofs_entry_key="automountKey"
> ldap_autofs_entry_value="automountInformation"
I think you just need to drop the quotes. Instead of:
ldap_autofs_search_base="o=nycornell.org"
use:
ldap_autofs_search_base=o=nycornell.org
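A check for the mistake diagnosed above, as an added example that is not part of the original thread or of SSSD: it scans sssd.conf text for option values wrapped in quotes and prints the unquoted line to use instead. The function names and the placeholder LDAP host are assumptions, and the check goes beyond the thread by also flagging single-quoted values.

```python
import configparser

# Constructed sample: the option lines are the ones quoted in the thread;
# the LDAP host name is a placeholder.
SAMPLE_CONF = """\
[sssd]
services = nss,pam,autofs
config_file_version = 2
domains = default

[domain/default]
id_provider = ldap
ldap_uri = ldaps://ldap.example.test/
ldap_search_base = ou=people,o=nycornell.org
ldap_access_filter = (|(host=allunix)(host=redhat))
ldap_autofs_search_base="o=nycornell.org"
ldap_autofs_map_object_class="automountMap"
"""


def find_quoted_values(conf_text):
    """Return (section, option, raw_value, unquoted_value) for each option
    whose whole value is wrapped in a matching pair of quotes."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.optionxform = str  # keep option names exactly as written
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                findings.append((section, option, value, value[1:-1]))
    return findings


def report(conf_text):
    """Format one line per finding, showing the line to use instead."""
    return [
        f"[{sec}] {opt}: quoted value {raw}; use {opt} = {fixed}"
        for sec, opt, raw, fixed in find_quoted_values(conf_text)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_CONF):
        print(line)
```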
On Wed, Sep 11, 2013 at 9:37 AM, Jakub Hrozek jhrozek@redhat.com wrote:
> I think you just need to drop the quotes. Instead of:
> ldap_autofs_search_base="o=nycornell.org"
> use:
> ldap_autofs_search_base=o=nycornell.org
I just tried that, it appears to work. I was basing that config on what I saw in some Red Hat docs. Now to make the rest work...
On Wed, Sep 11, 2013 at 09:47:19AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 9:37 AM, Jakub Hrozek jhrozek@redhat.com wrote:
> > I think you just need to drop the quotes. Instead of:
> > ldap_autofs_search_base="o=nycornell.org"
> > use:
> > ldap_autofs_search_base=o=nycornell.org
> I just tried that, it appears to work. I was basing that config on what I saw in some Red Hat docs.
Can you link the docs? We need to fix them.
> Now to make the rest work...
Feel free to ask again!
On Wed, Sep 11, 2013 at 9:53 AM, Jakub Hrozek jhrozek@redhat.com wrote:
> Can you link the docs? We need to fix them.
Here it is:
https://access.redhat.com/site/documentation//en-US/Red_Hat_Enterprise_Linux...
On Wed, Sep 11, 2013 at 09:59:14AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 9:53 AM, Jakub Hrozek jhrozek@redhat.com wrote:
> > Can you link the docs? We need to fix them.
> Here it is:
> https://access.redhat.com/site/documentation//en-US/Red_Hat_Enterprise_Linux...
Thank you, I filed a bug to get the documentation fixed: https://bugzilla.redhat.com/show_bug.cgi?id=1006934
sssd-users@lists.fedorahosted.org