On Wed, May 8, 2013 at 5:05 AM, Sumit Bose sbose@redhat.com wrote:
On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
Hey all, Im back with another ldap question. this time I rebuilt sssd and followed this guide: http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration-an... for setting up ldap authentication on my centos 6.4 system.
my firewall is off and selinux is disabled.
when i do an ldapsearch -x "cn=test.user" it returns all the correct information, but doing id test.user returns no user.
As you can see from the logs SSSD is using "(&(uid=test.user)(objectclass=posixAccount))" as search filter, can you check if ldapsearch with this filter finds the entry as well? Additionally can you check that the user object is located below the search base you have given in sssd.conf?
HTH
bye, Sumit
I've attached the log files and all of the relevant files and maybe some non relevant ones as well.
it appears as tho it is searching for the user but is simply not finding anything. Is there an option to search for cn=test.user? and not by uid?
any help will be much appreciated.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
thanks for the reply, the user is definitely under the groups in sssd.conf.
ldapsearch with objectclass=posixAccount seems to be part of the issue. Also it is searching for uid rather than the cn of the user.
if I do ldapsearch -x "uid=<UID of test.user> it works fine
if i do ldapsearch -x "uid=<UID of test.user>" "objectclass=posixAccount" it does not.
ldapsearch -x "uid=test.user" returns all of the users in the search.
and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount" returns no users.
so how do I tell my sssd to not use this filter? and to use cn instead of uid?