Sssd does not enumerate by default so this is pretty much expected behaviour. Try "getent passwd username" instead. O.
Sent from Samsung Mobile
Brandon Foster brandon.foster@liferay.com wrote:
ok so after some modification of the ldap server and use of the override functions I was able to make it work. I can now id test.user and get a result, as well as log in as my ldap users.
But when I do getent passwd |grep <USER> I don't get anything back.
Any ideas why?
On Thu, May 9, 2013 at 3:32 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, May 08, 2013 at 01:29:24PM -0400, Dmitri Pal wrote:
On 05/08/2013 12:57 PM, Brandon Foster wrote:
On Wed, May 8, 2013 at 9:52 AM, Sumit Bose sbose@redhat.com wrote:
On Wed, May 08, 2013 at 09:43:48AM -0700, Brandon Foster wrote:
On Wed, May 8, 2013 at 9:26 AM, Wojtak, Greg (Superfly) GregWojtak@quickenloans.com wrote:
I think your syntax is a little off. Try
ldapsearch -x -LLL '(&(uid=test.user)(objectClass=posixAccount))' uid uidnumber homedirectory gidnumber loginshell
You should have those 5 values returned.
-- Greg Wojtak Senior Unix Systems Engineer Office: (313) 373-4306 Mobile: (734) 718-8472
On 5/8/13 11:52 AM, "Brandon Foster" brandon.foster@liferay.com wrote:
> On Wed, May 8, 2013 at 5:05 AM, Sumit Bose sbose@redhat.com wrote:
>> On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
>>> Hey all,
>>> I'm back with another ldap question. this time I rebuilt sssd and
>>> followed this guide:
>>>
>>> http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration-and-troubleshooting/
>>> for setting up ldap authentication on my centos 6.4 system.
>>>
>>> my firewall is off and selinux is disabled.
>>>
>>> when I do an ldapsearch -x "cn=test.user" it returns all the correct
>>> information, but doing id test.user returns no user.
>> As you can see from the logs SSSD is using
>> "(&(uid=test.user)(objectclass=posixAccount))" as search filter, can you
>> check if ldapsearch with this filter finds the entry as well?
>> Additionally can you check that the user object is located below the
>> search base you have given in sssd.conf?
>>
>> HTH
>>
>> bye,
>> Sumit
>>> I've attached the log files and all of the relevant files and maybe
>>> some non relevant ones as well.
>>>
>>> it appears as though it is searching for the user but is simply not
>>> finding anything. Is there an option to search for cn=test.user? and
>>> not by uid?
>>>
>>> any help will be much appreciated.
>>
>>> _______________________________________________
>>> sssd-users mailing list
>>> sssd-users@lists.fedorahosted.org
>>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> thanks for the reply,
> the user is definitely under the groups in sssd.conf.
>
> ldapsearch with objectclass=posixAccount seems to be part of the
> issue. Also it is searching for uid rather than the cn of the user.
>
> if I do ldapsearch -x "uid=<UID of test.user>" it works fine
>
> if I do ldapsearch -x "uid=<UID of test.user>"
> "objectclass=posixAccount" it does not.
>
> ldapsearch -x "uid=test.user" returns all of the users in the search.
>
> and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount"
> returns no users.
>
> so how do I tell my sssd to not use this filter? and to use cn instead of
> uid?
sorry, not too familiar with the ldapsearch commands.
anyways, test.user is not of objectclass posixAccount so with that filter nothing comes back, if I change it to cn= and objectclass=<an objectclass test.user is a part of> then it just returns the DN of the user.
ldap_user_name = cn
ldap_user_object_class =
attributes in sssd.conf seem to be altering these values for me when I search for the id of test.user.
but it can't seem to find uid uidnumber homedirectory gidnumber or loginshell attributes for my users.
It looks like you are using a custom LDAP schema. You can map the default attributes for home directory etc. to other values with
ldap_user_home_directory
ldap_user_uid_number
ldap_user_gid_number
ldap_user_shell
respectively, see man sssd-ldap for more details, e.g. how to map group attributes.
HTH
bye, Sumit
yeah, a large part of my problem is that I did not set up this ldap.
is there a way I can assign say a gid or home directory rather than getting it from ldap?
gid - no
In general you can't override the group list the user is a member of but you can override the primary gid. See the "override_gid" option in man sssd.conf
but with home directory you can have a local override. See man pages for more details.
-- Brandon Foster Infrastructure Administrator
Liferay, Inc. Enterprise. Open Source. For life.
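The options named in this thread, gathered into one domain section as an added example (not a configuration posted by anyone on the list). The domain name, server URI, search base, the object class and attribute names on the right-hand side, and the override values are assumptions to be replaced with what the directory actually holds.

```ini
# /etc/sssd/sssd.conf (added example; values marked "assumed" are hypothetical)
[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
# assumed server and base; SSSD will not send passwords over a cleartext
# LDAP connection, so use ldaps:// or StartTLS
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Default user lookup filter is (&(uid=<name>)(objectclass=posixAccount)).
# For entries named by cn that are not posixAccount, remap both parts.
ldap_user_name = cn
# assumed object class carried by the user entries
ldap_user_object_class = inetOrgPerson

# Map the POSIX attributes SSSD needs onto what the custom schema stores
# (right-hand names are assumed).
ldap_user_uid_number = employeeNumber
ldap_user_gid_number = departmentNumber
ldap_user_home_directory = homeDirectory
ldap_user_shell = loginShell

# Local overrides for values the directory cannot supply. override_gid
# replaces only the primary GID, not the list of groups the user is in.
override_gid = 10000
override_homedir = /home/%u

# Off by default: without it "getent passwd" with no argument lists no
# LDAP users, while "getent passwd test.user" and "id test.user" still work.
enumerate = true
```

Enumeration downloads every user and group entry under the search base, so on a large directory it is usually left off and accounts are checked by name with getent passwd username.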