Re: Getting ldappasswd and PAM in the same page under CentOS 7
At Fri, 22 Sep 2017 16:34:44 +0200 m.wandel@t-online.de wrote:
>
> On 22.09.2017 at 15:45, Robert Heller wrote:
> > At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
> >
> >>
> >> On Thu, 21 Sep 2017 10:01:48 -0400 (EDT)
> >> Robert Heller <heller@deepsoft.com> wrote:
> >> [...]
> >>
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
> >> [...]
> >>
> >> You should find out why operation 11 results in 0 entries.
> >
> > Operation 11 *seems* to be fetching the uid, using self, which has write
> > access, which implies read access, which seems to work just fine, using
> > ldapsearch from the command line:
> >
> > [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
> > Enter LDAP Password:
> > dn: uid=test2user,ou=People,dc=deepsoft,dc=com
> > uid: test2user
> >
> > I don't know what is going on here.
> >
> > Also: there is a "TLS negotiation failure" failure. I have not even enabled
> > TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
> > disabled everywhere. I want to test things without messing with creating a SSL
> > Cert (none of this is anything close to a public facing production
> > environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf
> > -- is there some other option I need to set?
> >
> Ok, if you use auth_provider = ldap in your sssd, SSL/TLS is a must.
> IMHO it isn't possible to get it to work without.
Yesh :-(. Now I have to get the SSL/TLS working... I have a cert now, but it
is on my own CA and I am not sure how to get that to work...
>
>
> best regards
> Michael
>
> > Is there any chance that selinux is having any effect? Selinux can be pesky
> > at times.
> >
> >>
> >> -Dieter
> >>
> >> -- 
> >> Dieter Klünter | Systemberatung
> >> http://sys4.de
> >> GPG Key ID: E9ED159B
> >> 53°37'09,95"N
> >> 10°08'02,42"E
> >>
> >>
> >>
> >
>
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller@deepsoft.com -- Webhosting Services
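
The advice quoted above, to find out why operation 11 returns 0 entries, comes down to pairing each SEARCH RESULT line with the SRCH request line that carries the same conn/op pair, which shows the base, scope and filter that were actually sent. The following is an added example, not part of the original thread: only the op=11 SEARCH RESULT line mirrors the log quoted above, the SRCH lines are constructed, and `empty_searches` is a hypothetical helper name.

```python
import re

# Constructed sample of slapd "stats"-level log lines. Only the op=11
# SEARCH RESULT line mirrors the thread; the SRCH lines are invented here.
SAMPLE_LOG = """\
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SRCH base="ou=People,dc=deepsoft,dc=com" scope=2 deref=0 filter="(uid=test2user)"
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SRCH base="uid=test2user,ou=People,dc=deepsoft,dc=com" scope=0 deref=0 filter="(objectClass=posixAccount)"
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)$")
SRCH_RE = re.compile(r'base="([^"]*)" scope=(\d) deref=\d filter="(.*)"')
RESULT_RE = re.compile(r"err=(\d+) nentries=(\d+)")
SCOPES = {"0": "base", "1": "one", "2": "sub", "3": "children"}


def empty_searches(log_text):
    """Return searches that succeeded (err=0) but matched no entries."""
    pending = {}   # (conn, op) -> request details taken from the SRCH line
    findings = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # ACL trace and other debug lines have no SRCH/RESULT
        key = (int(m.group(1)), int(m.group(2)))
        kind, rest = m.group(3), m.group(4)
        if kind == "SRCH":
            s = SRCH_RE.search(rest)
            if s:  # "SRCH attr=..." lines do not match and are skipped
                pending[key] = {"base": s.group(1),
                                "scope": SCOPES.get(s.group(2), s.group(2)),
                                "filter": s.group(3)}
        else:
            r = RESULT_RE.search(rest)
            req = pending.pop(key, None)
            if r and r.group(1) == "0" and r.group(2) == "0":
                # Report the finding even when the SRCH line was not logged.
                findings.append({"conn": key[0], "op": key[1], "request": req})
    return findings


if __name__ == "__main__":
    for finding in empty_searches(SAMPLE_LOG):
        print(finding)
```

Repeating the reported base, scope and filter with ldapsearch under the same bind DN reproduces the exact request the client made rather than an approximation of it.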