[Date Prev][Date Next] [Chronological] [Thread] [Top]

Openldap Problem

To: openldap-technical@openldap.org
Subject: Openldap Problem
From: Chris <chris@flamengro.co.za>
Date: Thu, 26 Jul 2012 12:55:32 +0200
Organization: Flamengro
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0

Hi.

I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.
The problem I'm having is I get this error message in messages file.

"sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file"

I started sssd with debugging set to 9. Errors I saw in sssd_default.log is:

[dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1
[get_port_status] (0x1000): Port status of port 389 for server 'ibm-01.flamengro.co.za' is 'not working'

When I add new users I cannot log in with the new names, a ldapseach shows them but getent passwd nothing.
Not all the users show up on my other machines either.

Any help will be appreciated.

My slapd.conf file looks like this.

include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=flamengro,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=flamengro,dc=com"

rootpw secret

directory       /var/lib/ldap/flamengro

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

database monitoraccess to *
        by dn.exact="cn=Manager,dc=flamengro,dc=com" read
        by * none
access to attrs=userPassword,shadowLastChange
        by anonymous auth
        by self write
        by * none

My sssd.conf file looks like this

[sssd]
config_file_version = 2

reconnection_retries = 3

sbus_timeout = 30
services = nss, pam

domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_id_use_start_tls = True
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com

begin:vcard
fn:Chris du Preez
n:du Preez;Chris
org:Flamengro
adr:;;;Pretoria;;;RSA
tel;work:+27 (0)124282989
tel;fax:+27 (0)124282061
tel;cell:+27 (0)836337420
version:2.1
end:vcard

Follow-Ups:
- Re: Openldap Problem
  - From: Jan Vcelak <jvcelak@redhat.com>
- Re: Openldap Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Openldap Problem
  - From: "RICHARDSON Matt (SPARQ)" <matt.richardson@sparq.com.au>

Prev by Date: Does OpenLDAP 2.4 support nested group
Next by Date: Re: Openldap Problem
Index(es):
- Chronological
- Thread