Re: Getting ldappasswd and PAM in the same page under CentOS 7
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
>
> On Thu, 21 Sep 2017 10:01:48 -0400 (EDT)
> Robert Heller <heller@deepsoft.com> wrote:
> [...]
>
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
> [...]
>
> You should find out why operation 11 results in 0 entries.

Operation 11 *seems* to be fetching the uid, using self, which has write
access, which implies read access, which seems to work just fine, using
ldapsearch from the command line:

[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
Enter LDAP Password:
dn: uid=test2user,ou=People,dc=deepsoft,dc=com
uid: test2user

I don't know what is going on here.

Also: there is a "TLS negotiation failure" failure. I have not even enabled
TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
disabled everywhere. I want to test things without messing with creating a SSL
Cert (none of this is anything close to a public facing production
environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf
-- is there some other option I need to set?

Is there any chance that SELinux is having any effect? SELinux can be pesky
at times.

>
> -Dieter
>
> -- 
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E
>
>
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller@deepsoft.com -- Webhosting Services
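
One way to follow up on the advice to find out why operation 11 returns 0 entries, as an added example that is not part of either poster's message: pair each zero-entry SEARCH RESULT in the slapd log with the SRCH request and BIND DN logged for the same conn/op, so the base, scope and filter the client actually sent can be compared with the ldapsearch that works. The sample log lines, host name and example.com DNs are constructed, and the code assumes slapd's usual stats log format.

```python
import re

# Constructed sample in slapd's stats log format; host and DNs are placeholders.
SAMPLE_LOG = '''\
Sep 21 09:50:01 ldaphost slapd[100]: conn=1000 op=10 BIND dn="uid=test2user,ou=People,dc=example,dc=com" method=128
Sep 21 09:50:01 ldaphost slapd[100]: conn=1000 op=10 RESULT tag=97 err=0 text=
Sep 21 09:50:01 ldaphost slapd[100]: conn=1000 op=11 SRCH base="ou=People,dc=example,dc=com" scope=1 deref=0 filter="(&(uid=test2user)(objectClass=posixAccount))"
Sep 21 09:50:01 ldaphost slapd[100]: conn=1000 op=11 SRCH attr=uid
Sep 21 09:50:01 ldaphost slapd[100]: => access_allowed: search access granted by write(=wrscxd)
Sep 21 09:50:01 ldaphost slapd[100]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 09:50:02 ldaphost slapd[100]: conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=test2user)"
Sep 21 09:50:02 ldaphost slapd[100]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT) ?(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')  # key=value or key="quoted value"


def zero_entry_searches(log_text):
    """Return searches that succeeded (err=0) but matched no entries."""
    bind_dn, requests, findings = {}, {}, []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # ACL trace and other debug lines are skipped
        conn, op, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        if kind == "BIND" and "dn" in fields:
            bind_dn[conn] = fields["dn"]       # identity used on this connection
        elif kind == "SRCH" and "base" in fields:
            requests[(conn, op)] = fields      # the "SRCH attr=" line has no base
        elif (kind == "SEARCH RESULT" and fields.get("err") == "0"
              and fields.get("nentries") == "0"):
            req = requests.get((conn, op), {})
            findings.append({"conn": conn, "op": op,
                             "bind_dn": bind_dn.get(conn, "(no BIND logged)"),
                             "base": req.get("base"), "scope": req.get("scope"),
                             "filter": req.get("filter")})
    return findings


if __name__ == "__main__":
    for hit in zero_entry_searches(SAMPLE_LOG):
        print(hit)
```

Replaying the reported base, scope and filter with ldapsearch under the same bind DN shows whether the empty result comes from the request itself or from access control.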