List: openldap-technical
Subject: Re: Problem in user authentication with LDAP + SSSD
From: Patrick Lists <openldap-list () puzzled ! xs4all ! nl>
Date: 2013-02-18 19:07:24
Message-ID: 51227BEC.8030701 () puzzled ! xs4all ! nl
Hi Cristiane,

Here are some things I noticed.

On 02/18/2013 07:01 PM, Cristiane França wrote:
> Hi,
> I have an authentication problem with my CentOS 6.3 server, on which
> LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) are installed.
> The LDAP server is working fine but the integration between LDAP + SSSD
> has a problem because it cannot authenticate the user on the server.
>
> Can anyone help me identify the problem?
> I've revised all the configuration and found nothing wrong.
>
> ::::: slapd.conf :::::
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/misc.schema
>
> allow bind_v2
> pidfile /var/run/openldap/slapd.pid
>
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem

IIRC the Red Hat/CentOS OpenLDAP RPM expects the certificates to be in
/etc/openldap/certs.

> directory /database/ldap

IIRC the Red Hat/CentOS OpenLDAP RPM expects the LDAP database to be in
/var/lib/ldap.

> ldap_tls_cacertdir = /etc/openldap/cacerts

This location differs from the one configured at the top.

If you are using non-standard locations for various things then you may
bump into SELinux AVCs. Have you checked /var/log/audit/audit.log to see
if there are any SELinux issues? Does the problem still exist when you
temporarily disable SELinux with setenforce 0?

Regards,
Patrick
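
The audit.log check suggested in the message above, as an added example that is not part of the original e-mail: a shell function that lists AVC denials for the slapd and sssd processes, so the mislabelled paths can be identified while SELinux stays enforcing. The function names, the default process pattern and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list SELinux AVC denials for slapd/sssd.

# Constructed sample audit records; contexts and inode numbers are invented.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1361214001.101:210): avc:  denied  { write } for  pid=2101 comm="slapd" name="ldap" dev=dm-0 ino=393217 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1361214001.101:210): arch=c000003e syscall=2 success=no exit=-13 comm="slapd" exe="/usr/sbin/slapd"
type=AVC msg=audit(1361214050.332:214): avc:  denied  { read } for  pid=2188 comm="sssd_be" name="cacerts" dev=dm-0 ino=131090 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
type=AVC msg=audit(1361214090.007:220): avc:  denied  { getattr } for  pid=2301 comm="httpd" path="/srv/site/index.html" dev=dm-0 ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1361214100.500:221): avc:  granted  { read } for  pid=2101 comm="slapd" name="slapd.conf" dev=dm-0 ino=55 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Usage: avc_denials [comm-regex] < /var/log/audit/audit.log
# Prints "comm permissions object target-type class" per denied access.
avc_denials() {
    pat='^(slapd|sssd)'
    if [ $# -gt 0 ]; then pat=$1; fi
    awk -v want="$pat" '
    $1 == "type=AVC" && / denied / {
        comm = obj = ttype = tclass = ""
        s = index($0, "{"); e = index($0, "}")
        perm = substr($0, s + 2, e - s - 3)   # text between "{ " and " }"
        gsub(/ /, ",", perm)                  # several permissions -> a,b,c
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)        { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^(name|path)=/) { obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj) }
            if ($i ~ /^tcontext=/)    { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)      { tclass = $i; sub(/^tclass=/, "", tclass) }
        }
        if (comm ~ want) print comm, perm, obj, ttype, tclass
    }'
}

# Run against the constructed sample; on a real host, redirect audit.log in.
sample_audit_log | avc_denials
```

A target type such as default_t on a relocated database or certificate directory points to a file-labelling problem rather than an LDAP or SSSD configuration error.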