On Wed, May 8, 2013 at 9:52 AM, Sumit Bose sbose@redhat.com wrote:
On Wed, May 08, 2013 at 09:43:48AM -0700, Brandon Foster wrote:
On Wed, May 8, 2013 at 9:26 AM, Wojtak, Greg (Superfly) GregWojtak@quickenloans.com wrote:
I think your syntax is a little off. Try
ldapsearch -x -LLL '(&(uid=test.user)(objectClass=posixAccount))' uid uidnumber homedirectory gidnumber loginshell
You should have those 5 values returned.
-- Greg Wojtak Senior Unix Systems Engineer Office: (313) 373-4306 Mobile: (734) 718-8472
On 5/8/13 11:52 AM, "Brandon Foster" brandon.foster@liferay.com wrote:
On Wed, May 8, 2013 at 5:05 AM, Sumit Bose sbose@redhat.com wrote:
On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
Hey all, I'm back with another LDAP question. This time I rebuilt sssd and followed this guide:
http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration-and-troubleshooting/ for setting up LDAP authentication on my CentOS 6.4 system.
My firewall is off and SELinux is disabled.
When I do an ldapsearch -x "cn=test.user" it returns all the correct information, but doing id test.user returns no user.
As you can see from the logs, SSSD is using "(&(uid=test.user)(objectclass=posixAccount))" as the search filter. Can you check if ldapsearch with this filter finds the entry as well? Additionally, can you check that the user object is located below the search base you have given in sssd.conf?
HTH
bye, Sumit
I've attached the log files and all of the relevant files and maybe some non-relevant ones as well.
It appears as though it is searching for the user but is simply not finding anything. Is there an option to search for cn=test.user, and not by uid?
Any help will be much appreciated.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Thanks for the reply. The user is definitely under the groups in sssd.conf.
ldapsearch with objectclass=posixAccount seems to be part of the issue. Also, it is searching for uid rather than the cn of the user.
If I do ldapsearch -x "uid=<UID of test.user>" it works fine.
If I do ldapsearch -x "uid=<UID of test.user>" "objectclass=posixAccount" it does not.
ldapsearch -x "uid=test.user" returns all of the users in the search.
And finally, ldapsearch -x "uid=test.user" "objectclass=posixAccount" returns no users.
So how do I tell my sssd to not use this filter, and to use cn instead of uid?
Sorry, not too familiar with the ldapsearch commands.
Anyways, test.user is not of objectclass posixAccount, so with that filter nothing comes back. If I change it to cn= and objectclass=<an objectclass test.user is a part of> then it just returns the DN of the user.
ldap_user_name = cn ldap_user_object_class =
attributes in sssd.conf seem to be altering these values for me when I search for the id of test.user.
But it can't seem to find uid, uidnumber, homedirectory, gidnumber or loginshell attributes for my users.
It looks like you are using a custom LDAP schema. You can map the default attributes for home directory etc. to other values with
ldap_user_home_directory ldap_user_uid_number ldap_user_gid_number ldap_user_shell
respectively, see man sssd-ldap for more details, e.g. how to map group attributes.
HTH
bye, Sumit
Yeah, a large part of my problem is that I did not set up this LDAP.
Is there a way I can assign, say, a gid or home directory rather than getting it from LDAP?
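
Added example, not part of the thread and not SSSD code: a simplified Python model of the lookup discussed above, showing why the default filter quoted from the logs misses an entry without posixAccount, and which mapped attributes are still absent once `ldap_user_name` and `ldap_user_object_class` are overridden. The directory entry, the `inetOrgPerson`/`employeeNumber` mapping and the function names are constructed assumptions.

```python
# Simplified model of an SSSD-style user lookup; not SSSD's implementation.
# Default attribute names for the options mentioned in the thread.
DEFAULTS = {
    "ldap_user_name": "uid",
    "ldap_user_object_class": "posixAccount",
    "ldap_user_uid_number": "uidNumber",
    "ldap_user_gid_number": "gidNumber",
    "ldap_user_home_directory": "homeDirectory",
    "ldap_user_shell": "loginShell",
}

def build_filter(opts, login):
    """Filter in the shape quoted from the logs (real code must escape login)."""
    return "(&({}={})(objectclass={}))".format(
        opts["ldap_user_name"], login, opts["ldap_user_object_class"])

def lookup(entries, opts, login):
    """Return (dn, resolved, missing) for the first matching entry, else None."""
    want_class = opts["ldap_user_object_class"].lower()
    name_attr = opts["ldap_user_name"].lower()
    for entry in entries:
        # LDAP attribute names are case-insensitive, so index them lowercased.
        attrs = {k.lower(): v for k, v in entry.items()}
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        names = [n.lower() for n in attrs.get(name_attr, [])]
        if want_class not in classes or login.lower() not in names:
            continue
        resolved, missing = {}, []
        for opt, attr in opts.items():
            if opt in ("ldap_user_name", "ldap_user_object_class"):
                continue
            values = attrs.get(attr.lower())
            if values:
                resolved[opt] = values[0]
            else:
                missing.append(opt)
        return attrs["dn"][0], resolved, sorted(missing)
    return None

# Constructed entry: has cn but no posixAccount class and no POSIX attributes.
ENTRIES = [{
    "dn": ["cn=test.user,ou=people,dc=example,dc=com"],
    "objectClass": ["top", "person", "inetOrgPerson"],
    "cn": ["test.user"],
    "employeeNumber": ["10432"],
}]

# Hypothetical overrides for that entry, using option names from the thread.
CUSTOM = dict(DEFAULTS, ldap_user_name="cn",
              ldap_user_object_class="inetOrgPerson",
              ldap_user_uid_number="employeeNumber")
```

Calling `lookup(ENTRIES, CUSTOM, "test.user")` lists the options that still have no backing attribute in the entry, which are the ones that need a mapping or a locally assigned value.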