On Wed, May 08, 2013 at 01:29:24PM -0400, Dmitri Pal wrote:
On 05/08/2013 12:57 PM, Brandon Foster wrote:
On Wed, May 8, 2013 at 9:52 AM, Sumit Bose sbose@redhat.com wrote:
On Wed, May 08, 2013 at 09:43:48AM -0700, Brandon Foster wrote:
On Wed, May 8, 2013 at 9:26 AM, Wojtak, Greg (Superfly) GregWojtak@quickenloans.com wrote:
I think your syntax is a little off. Try
ldapsearch -x -LLL '(&(uid=test.user)(objectClass=posixAccount))' uid uidnumber homedirectory gidnumber loginshell
You should have those 5 values returned.
-- Greg Wojtak Senior Unix Systems Engineer Office: (313) 373-4306 Mobile: (734) 718-8472
On 5/8/13 11:52 AM, "Brandon Foster" brandon.foster@liferay.com wrote:
On Wed, May 8, 2013 at 5:05 AM, Sumit Bose sbose@redhat.com wrote:
> On Tue, May 07, 2013 at 11:39:45AM -0700, Brandon Foster wrote:
>> Hey all,
>> I'm back with another ldap question. this time I rebuilt sssd and
>> followed this guide:
>>
>> http://blog.f1linux.com/2013/04/21/howto-part-3-ldap-client-configuration-and-troubleshooting/
>> for setting up ldap authentication on my centos 6.4 system.
>>
>> my firewall is off and selinux is disabled.
>>
>> when i do an ldapsearch -x "cn=test.user" it returns all the correct
>> information, but doing id test.user returns no user.
> As you can see from the logs SSSD is using
> "(&(uid=test.user)(objectclass=posixAccount))" as search filter, can you
> check if ldapsearch with this filter finds the entry as well?
> Additionally can you check that the user object is located below the
> search base you have given in sssd.conf?
>
> HTH
>
> bye,
> Sumit
>> I've attached the log files and all of the relevant files and maybe
>> some non relevant ones as well.
>>
>> it appears as though it is searching for the user but is simply not
>> finding anything. Is there an option to search for cn=test.user? and
>> not by uid?
>>
>> any help will be much appreciated.
>> _______________________________________________
>> sssd-users mailing list
>> sssd-users@lists.fedorahosted.org
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users

thanks for the reply, the user is definitely under the groups in sssd.conf.
ldapsearch with objectclass=posixAccount seems to be part of the issue. Also it is searching for uid rather than the cn of the user.
if I do ldapsearch -x "uid=<UID of test.user>" it works fine
if i do ldapsearch -x "uid=<UID of test.user>" "objectclass=posixAccount" it does not.
ldapsearch -x "uid=test.user" returns all of the users in the search.
and finally ldapsearch -x "uid=test.user" "objectclass=posixAccount" returns no users.
so how do I tell my sssd to not use this filter? and to use cn instead of uid?
sorry, not too familiar with the ldapsearch commands.
anyways, test.user is not of objectclass posixAccount so with that filter nothing comes back, if I change it to cn= and objectclass=<an objectclass test.user is a part of> then it just returns the DN of the user.
ldap_user_name = cn
ldap_user_object_class =
attributes in sssd.conf seem to be altering these values for me when i search for the id of test.user.
but it can't seem to find uid, uidnumber, homedirectory, gidnumber or loginshell attributes for my users.
it looks like you are using a custom LDAP schema. You can map the default attributes for home directory etc to other values with
ldap_user_home_directory
ldap_user_uid_number
ldap_user_gid_number
ldap_user_shell
respectively, see man sssd-ldap for more details, e.g. how to map group attributes.
HTH
bye, Sumit
yeah, a large part of my problem is that I did not set up this ldap.
is there a way I can assign say a gid or home directory rather than getting it from ldap?
gid - no
In general you can't override the group list the user is a member of but you can override the primary gid. See the "override_gid" option in man sssd.conf
but with home directory you can have a local override. See man pages for more details.
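The following is an added example, not part of the thread and not SSSD code: a simplified model of the lookup discussed above, which derives the user search filter from the sssd.conf mapping options and reports which mapped attributes a directory entry still lacks. The schema names (inetOrgPerson, employeeNumber, unixHome), the sample entry and the gid value are constructed placeholders, and override_homedir is assumed as the sssd.conf option behind the home directory override, which the thread does not name.

```python
import configparser

# Constructed sssd.conf fragment. inetOrgPerson, employeeNumber and unixHome
# stand in for whatever the custom schema uses; they are not from the thread.
SSSD_CONF = """
[domain/example]
ldap_user_object_class = inetOrgPerson
ldap_user_name = cn
ldap_user_uid_number = employeeNumber
ldap_user_home_directory = unixHome
override_gid = 5000
"""
# Constructed directory entry for test.user under that schema.
ENTRY = {"cn": ["test.user"], "objectClass": ["inetOrgPerson"],
         "employeeNumber": ["10042"], "unixHome": ["/home/test.user"]}

# sssd-ldap attribute-mapping options and their default attribute names.
DEFAULTS = {
    "ldap_user_name": "uid",
    "ldap_user_uid_number": "uidNumber",
    "ldap_user_gid_number": "gidNumber",
    "ldap_user_home_directory": "homeDirectory",
    "ldap_user_shell": "loginShell",
}
# sssd.conf options that supply a value locally instead of reading it from LDAP.
OVERRIDES = {"ldap_user_gid_number": "override_gid",
             "ldap_user_home_directory": "override_homedir"}

def load(conf_text, domain):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return cp["domain/" + domain]

def escape(value):
    # RFC 4515 escaping, so a user name cannot change the filter's structure.
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(section, name):
    attr = section.get("ldap_user_name", fallback=DEFAULTS["ldap_user_name"])
    oc = section.get("ldap_user_object_class", fallback="posixAccount")
    return "(&(%s=%s)(objectclass=%s))" % (attr, escape(name), oc)

def unresolved(section, entry):
    # Options whose mapped attribute the entry lacks and no override supplies.
    have = {a.lower() for a in entry}
    return [opt for opt, default in DEFAULTS.items()
            if section.get(opt, fallback=default).lower() not in have
            and not (opt in OVERRIDES and OVERRIDES[opt] in section)]
```

With no mapping options set, `user_filter` yields the `(&(uid=test.user)(objectclass=posixAccount))` filter quoted earlier in the thread; the string it returns can be passed to `ldapsearch -x` to confirm the directory actually returns the entry.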