List: openldap-technical
Subject: Re: first time user
From: Kaveh Ehsani <kee2006 () med ! cornell ! edu>
Date: 2016-06-28 13:09:10
Message-ID: <BN1PR06MB021E539AAE8896A3125616FF8220@BN1PR06MB021.namprd06.prod.outlook.com>
["attachment.htm" (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: \
4pt; border-left: #800000 2px solid; } --></style> </head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" style="font-size:12pt; color:#000000; \
background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif"> <p>Well \
this is my sssd.conf file. </p>
<p><br> </p>
<p><span style="font-size:16px">ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=com</span> This is the line that I think is supposed to bind to the ACL monitor and probably is the problem. Unless I am wrong.</p>
<p><br> </p>
<p></p>
<p class="x_p1"><span class="x_s1">[domain/default]</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">autofs_provider = ldap</span></p>
<p class="x_p1"><span class="x_s1">ldap_schema = rfc2307bis</span></p>
<p class="x_p1"><span class="x_s1">cache_credentials = True</span></p>
<p class="x_p1"><span class="x_s1">debug_level = 9</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">id_provider = ldap</span></p>
<p class="x_p1"><span class="x_s1">auth_provider = ldap</span></p>
<p class="x_p1"><span class="x_s1">chpass_provider = ldap</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">ldap_uri = ldaps://provider.example.com</span></p>
<p class="x_p1"><span class="x_s1">ldap_search_base = dc=example,dc=com</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">ldap_id_use_start_tls = True</span></p>
<p class="x_p1"><span class="x_s1">#ldap_id_use_start_tls = False</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">ldap_tls_cacertdir = /etc/openldap/cacerts</span></p>
<p class="x_p1"><span class="x_s1">ldap_tls_cacert = /etc/openldap/cacerts/ca.crt</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=com</span></p>
<p class="x_p1"><span class="x_s1">ldap_default_authtok_type = password</span></p>
<p class="x_p1"><span class="x_s1">ldap_default_authtok = {SSHA}UJzXEfBudfu5U6IGzFlea0TjKUvxBtc/</span></p>
<p class="x_p1"><br> </p>
<p class="x_p1"><span class="x_s1">[sssd]</span></p>
<p class="x_p1"><span class="x_s1">services = nss, pam, autofs</span></p>
<p class="x_p1"><span class="x_s1">config_file_version = 2</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">domains = default</span></p>
<p class="x_p1"><span class="x_s1">debug_level = 999999999</span></p>
<p class="x_p1"><span class="x_s1">[nss]</span></p>
<p class="x_p1"><span class="x_s1">homedir_substring = /home</span></p>
<p class="x_p1"><br>
</p>
<p class="x_p1"><span class="x_s1"></span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">debug_level = 9</span></p>
<p class="x_p2"><span class="x_s1"></span><br>
</p>
<p class="x_p1"><span class="x_s1">[pam]</span></p>
<p class="x_p1"><span class="x_s1">debug_level = 9</span></p>
<br>
<p></p>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" \
style="font-size:11pt"><b>From:</b> openldap-technical \
&lt;openldap-technical-bounces@openldap.org&gt; on behalf of Marc Patermann \
&lt;hans.moser@ofd-z.niedersachsen.de&gt;<br> <b>Sent:</b> Tuesday, June 28, 2016 \
9:04:15 AM<br> <b>To:</b> openldap-technical@openldap.org<br>
<b>Subject:</b> Re: first time user</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Kaveh,<br>
<br>
On 27.06.2016 at 18:36, Kaveh Ehsani wrote:<br>
> I am using this for the first time so if there are protocols to follow<br>
> please let me know.<br>
Please describe your problem in the subject as clearly as possible!<br>
<br>
> and try to run the same ldapmodify as:<br>
><br>
><br>
> ldapmodify -H ldapi:/// -x -D "cn=config" -W &lt;&lt;EOF<br>
> dn: olcDatabase={1}monitor,cn=config<br>
> changetype: modify<br>
> replace: olcAccess<br>
> olcAccess: {0}to *<br>
>   by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read<br>
>   by dn.base="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" read<br>
>   by anonymous search<br>
> EOF<br>
><br>
> and I get this error:<br>
><br>
><br>
> ldap_start_tls: Can't contact LDAP server (-1)<br>
What does a corresponding ldapsearch say?<br>
You just posted what the client logged.<br>
What does the server log say?<br>
Does the server still run?<br>
<br>
> I think my binding inside sssd.conf on the client side is incorrect for<br>
> the newuser01 I have added to the ldapserver<br>
><br>
> Useldap_default_bind_dn = cn=newuser01,dc=example,dc=com<br>
I think your pure ldapmodify example here has nothing to do with sssd.<br>
<br>
<br>
Marc<br>
<br>
</div>
</span></font>
</body>
</html>
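
Added example, not part of the original message and not SSSD project code: a small lint for the [domain/...] settings posted above. It flags an ldap_default_authtok that looks like a stored password hash while ldap_default_authtok_type is password, an ldaps:// URI combined with ldap_id_use_start_tls, and an ldap:// URI without StartTLS. The function name, finding codes and placeholder secret are constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlparse

# Constructed sample based on the posted [domain/default]; the secret is a placeholder.
SAMPLE = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://provider.example.com
ldap_id_use_start_tls = True
#ldap_id_use_start_tls = False
ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = {SSHA}PLACEHOLDER-NOT-A-REAL-HASH
"""

# A leading {SCHEME} tag is how slapd stores userPassword hashes ({SSHA}, {CRYPT}, ...).
HASH_TAG = re.compile(r"^\{[A-Za-z0-9_-]+\}")

def lint_sssd_ldap(text):
    """Return (code, message) findings for each [domain/...] section (hypothetical helper)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        uris = [u.strip() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
        schemes = {urlparse(u).scheme.lower() for u in uris}
        start_tls = sec.getboolean("ldap_id_use_start_tls", fallback=False)
        tok_type = sec.get("ldap_default_authtok_type", "password").strip()
        tok = sec.get("ldap_default_authtok", "").strip()
        if tok_type == "password" and HASH_TAG.match(tok):
            findings.append(("AUTHTOK_LOOKS_HASHED",
                "value is sent as the bind password; a {SCHEME} hash is not the password"))
        if "ldaps" in schemes and start_tls:
            findings.append(("LDAPS_AND_STARTTLS",
                "ldaps:// is TLS from connect; StartTLS is the upgrade for ldap://"))
        if "ldap" in schemes and not start_tls:
            findings.append(("CLEARTEXT_BIND",
                "ldap:// without StartTLS sends the default bind credentials unencrypted"))
    return findings

if __name__ == "__main__":
    for code, msg in lint_sssd_ldap(SAMPLE):
        print(f"{code}: {msg}")
```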