Re: Getting ldappasswd and PAM in the same page under CentOS 7
On Wed, 20 Sep 2017 14:20:54 -0400 (EDT)
Robert Heller <heller@deepsoft.com> wrote:
> At Wed, 20 Sep 2017 19:30:17 +0200 Dieter Klünter
> <dieter@dkluenter.de> wrote:
>
> >
> > On Wed, 20 Sep 2017 12:32:37 -0400 (EDT)
> > Robert Heller <heller@deepsoft.com> wrote:
> >
> > > OK, I fixed the ACLs (I think), but it is still not working. I
> > > turned on verbose debugging for sssd[pam] and moderate debugging
> > > for slapd.
> > >
> > > Here are my ACLs
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}hdb.ldif:
> > >
> > > olcAccess: {0}to attrs=userPassword
> > > by self write
> > > by anonymous auth
> > > by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> > > by * none
> > > olcAccess: {1}to *
> > > by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> > > by * read
> > >
> > > There are also these olcAccess entries:
> > >
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={0}config.ldif:
> > >
> > > olcAccess: {0}to * by
> > > dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> > > manage by * none
> > >
> > > and
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif:
> > >
> > > olcAccess: {0}to * by
> > > dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> > > read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by *
> > > none
> > [...]
> >
> > You may run slapd in debugging mode 128.
>
> How do I do that using the "new" configuration method in
> /etc/openldap/slapd.d?
>
> I added:
>
> logLevel: 128
>
> to the end of /etc/openldap/slapd.d/cn=config.ldif
>
> But it does not like it:
[...]
man slapd(8),
$(EXECDIR)/slapd -h ldap:/// -F $(CONFIGDIR)/slapd.d -u $USER -g $GROUP -d 128
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
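
The way slapd resolves the two olcDatabase={2}hdb rules quoted in this message can be sketched as a small model: the first matching "to" clause is selected, then the first matching "by" clause sets the access level. This is an added example, not code from the thread or from OpenLDAP; the BOB DN is constructed, DN matching is simplified to exact comparison, and control keywords such as break are not modelled.

```python
# Simplified model of slapd ACL resolution (see slapd.access(5)):
# the first "to" clause matching the attribute wins, then the first
# matching "by" clause sets the access level; no match means "none".
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
HELLER = "uid=heller,ou=People,dc=deepsoft,dc=com"
BOB = "uid=bob,ou=People,dc=deepsoft,dc=com"  # constructed account, not from the thread

# The two olcAccess rules from olcDatabase={2}hdb, as quoted in the thread.
ACLS = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"),
                        (HELLER, "write"), ("*", "none")]),
    (None, [(HELLER, "write"), ("*", "read")]),  # None models "to *"
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an unauthenticated (anonymous) client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and bind_dn.lower() == who.lower()  # exact DN

def granted(bind_dn, entry_dn, attr):
    """Return the access level this model grants on one attribute."""
    for attrs, by_clauses in ACLS:
        if attrs is not None and attr.lower() not in attrs:
            continue                  # this "to" clause does not apply
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level          # first matching "by" stops evaluation
        return "none"                 # implicit trailing "by * none"
    return "none"                     # no "to" clause matched at all

def allowed(bind_dn, entry_dn, attr, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    for label, bind in [("anonymous", None), ("bob", BOB), ("heller", HELLER)]:
        print(label, "-> userPassword on bob's entry:",
              granted(bind, BOB, "userPassword"))
```

A password change needs write on userPassword, so allowed(bind_dn, entry_dn, "userPassword", "write") is the check that corresponds to the ldappasswd case in the subject line.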