Saturday, June 24, 2023

[389-users] new dirsrv with RHEL9

Hi, I am having a problem with a new dirsrv setup, getting a linux client to authenticate with LDAP.  I have done all the usual things to troubleshoot, if anyone has seen this or knows what can be done I would sure appreciate any help.  Here's what i'm noticing:

- I need to have the bind_dn of Directory Manager specified to lookup almost anything in LDAP, not sure why this is?

- sssd can find a sample user I created but still there seems to be a problem, it looks like PAM but I did use authselect to use the sss profile:

$ ldapsearch -x -LLL -D "cn=Directory Manager" -W -b ou=people,o=solarflow -H ldap://dev2.local '(uid=john)' cn gidNumber userPassword
Enter LDAP Password:
dn: uid=john,ou=people,o=solarflow
cn: John Smith
gidNumber: 10001

$ sssctl domain-status ldap
Online status: Online

Active servers:
LDAP: dev2.local

Discovered LDAP servers:
- dev2.local

localhost ~ $ sssctl user-checks john
user: john
action: acct
service: system-auth

sss_getpwnam_r failed with [0].
User name lookup with [john] failed.
SSSD InfoPipe user lookup result:
 - name: john
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: John Smith
 - homeDirectory: /home/john
 - loginShell: /bin/bash

testing pam_acct_mgmt

pam_acct_mgmt: User not known to the underlying authentication module

PAM Environment:
 - no env -

localhost ~ $ getent passwd john

localhost ~ $ id john
id: 'john': no such user

$ authselect current
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-pamaccess
- with-sudo

Here is my sssd.conf:

config_file_version = 2
domains = LDAP
debug_level = 6

id_provider = ldap
auth_provider = ldap
#chpass_provider = ldap
ldap_uri = ldap://dev2.local
ldap_search_base = o=solarflow
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = my_secret_password
cache_credentials = True
debug_level = 6

No comments:

Post a Comment