Description
With native ldap configured domain and auth-module = ldap, authentications are failing. Password is correct, I have validated with ldap binds and proxy ldap tests.

sssd.conf
[services]
description = Local Service Configuration
activeServices = nss, dp, pam
[services/nss]
description = NSS Responder Configuration
# the following prevents sssd from searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts that are
# always going to be /etc/passwd users, or that you want to filter out)
filterGroups = root
filterUsers = root
[services/dp]
description = Data Provider Configuration
[services/pam]
description = PAM Responder Configuration
[services/monitor]
description = Service Monitor Configuration
#if a backend is particularly slow you can raise this timeout here
sbusTimeout = 30
[domains]
description = Domains served by SSSD
domains = LDAP
[domains/LDAP]
description = Proxy request to our LDAP server
enumerate = TRUE
minId = 1000
maxId = 1010
useFullyQualifiedNames = TRUE
cache-credentials = TRUE
provider = ldap
auth-module = ldap
ldapUri = ldap://ldap.example.com (your ldap server)
userSearchBase = ou=People,dc=example,dc=com
groupSearchBase = ou=Groups,dc=example,dc=com
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/201
pam.d/system-auth
Steps to Reproduce
Version
sssd-0.6.0-0.2009092314git2d12249.fc11.i586
Comments
Comment from jgalipea at 2009-09-24 15:37:08
Lowering priority because authentications with native LDAP are working when directory server is SSL secured. It needs to be documented that this is required for SSSD LDAP authentication. It also needs to be documented where the CA certificate needs to be if tls_reqcert = hard or demand.
doc: 0 => 1
priority: blocker => major
tests: 0 => 1
Comment from sgallagh at 2009-09-25 15:24:12
Fixed in e8eb42b
resolution: => fixed
status: new => closed
Comment from jgalipea at 2009-10-02 17:22:02
Added automated tests for tls_reqcert never and hard. hard using ldap_tls_cacertdir and ldap_tls_cacert.
tests: 1 => 0
testsupdated: 0 => 1
Comment from sgallagh at 2009-11-09 14:43:44
Fields changed
resolution: fixed =>
status: closed => reopened
Comment from sgallagh at 2009-11-09 14:43:54
Fields changed
owner: somebody => sbose
status: reopened => new
Comment from sgallagh at 2009-11-09 14:44:00
Fields changed
fixedin: => 0.7.0
resolution: => fixed
status: new => closed
Comment from sbose at 2010-07-22 16:43:55
ldap_tls_cacert and ldap_tls_cacertdir are described in the sssd-ldap man page and should be mentioned in the documentation. The documentation should underline that sssd only supports LDAP authentication if SSL/TLS is enabled and working. A pointer to documentation that explains how OpenLDAP handles certificates on the client side might be useful.
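Added example, not part of the original thread or of the SSSD project: a small check that flags LDAP-authenticating domains whose TLS certificate settings would either skip verification or point at a missing CA, which is the failure mode discussed in this issue. It assumes the option names from current sssd.conf(5) and sssd-ldap(5) (`auth_provider`, `ldap_tls_reqcert`, `ldap_tls_cacert`, `ldap_tls_cacertdir`) rather than the 0.6.0-era keys in the reported config; the function name, sample config and paths are constructed for illustration.

```python
import configparser
import os

STRICT = {"hard", "demand"}  # ldap_tls_reqcert values that enforce validation

# Constructed sample in current sssd.conf syntax; paths are placeholders.
SAMPLE = """\
[sssd]
domains = LDAP, LAB

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_tls_reqcert = demand
ldap_tls_cacert = /nonexistent/example-ca.pem

[domain/LAB]
id_provider = ldap
ldap_uri = ldap://lab.example.com
ldap_tls_reqcert = never
"""

def lint_sssd_tls(conf_text, exists=os.path.exists):
    """Hypothetical helper: return (domain, message) findings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # auth_provider falls back to id_provider when it is not set
        auth = dom.get("auth_provider", dom.get("id_provider", ""))
        if auth.strip().lower() != "ldap":
            continue
        name = section.split("/", 1)[1]
        # sssd-ldap(5) documents "hard" as the default
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert not in STRICT:
            findings.append((name, f"ldap_tls_reqcert={reqcert}: server certificate is not strictly verified"))
            continue
        ca_paths = [dom[k].strip() for k in ("ldap_tls_cacert", "ldap_tls_cacertdir") if k in dom]
        if not ca_paths:
            findings.append((name, "no CA set: OpenLDAP client defaults (ldap.conf) are used"))
        for path in ca_paths:
            if not exists(path):
                findings.append((name, f"CA path missing: {path}"))
    return findings
```

Run `lint_sssd_tls(open("/etc/sssd/sssd.conf").read())` on a host to list the domains that need a CA fix before LDAP authentication can succeed with `hard` or `demand`.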
Comment from dpal at 2012-01-19 02:20:18
Fields changed
rhbz: => 0
Comment from jgalipea at 2017-02-24 14:24:02
Metadata Update from @jgalipea: