[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: getent passwd only catch local user passwd

To: Yingbo Li <YLi28@ra.rockwell.com>
Subject: Re: getent passwd only catch local user passwd
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Thu, 30 Apr 2015 18:00:24 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <BN3PR0801MB10927DC9B307CE56107D5581F9D60@BN3PR0801MB1092.namprd08.prod.outlook.com>
References: <BN3PR0801MB1092854E576E5E8E857DDF9FF9E80@BN3PR0801MB1092.namprd08.prod.outlook.com> <20150429093910.GF4937@slab.skills-1st.co.uk> <BN3PR0801MB109215F5EB8799F077B00C5EF9D60@BN3PR0801MB1092.namprd08.prod.outlook.com> <20150430115627.GG4937@slab.skills-1st.co.uk> <BN3PR0801MB10927DC9B307CE56107D5581F9D60@BN3PR0801MB1092.namprd08.prod.outlook.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Apr 30, 2015 at 04:09:23PM +0000, Yingbo Li wrote:

> (Thu Apr 30 10:17:56 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations 
> error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed o
> n the connection., data 0, v1db1
> (Thu Apr 30 10:17:56 2015) [sssd[be[default]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/
> output error

> It looks like binddn and bindpw should be set.

Exactly.

> But Howard Chu said in OpenLDAP, ldap.conf file cannot set binddn and bindpw. Ldapsearch I can use -D  -w to set binddn and bindpw. What else can I do to make getent work?

It is SSSD that is making the LDAP connection, so you should be setting
the DN and password in sssd.conf - look for the domain/default section and
set values for:

ldap_default_bind_dn
ldap_default_authtok

You should check first with ldapsearch to make sure that the DN and password
are valid and that they allow you to do the searches that SSSD will need.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Follow-Ups:
- RE: getent passwd only catch local user passwd
  - From: Yingbo Li <YLi28@ra.rockwell.com>

References:
- getent passwd only catch local user passwd
  - From: Yingbo Li <YLi28@ra.rockwell.com>
- Re: getent passwd only catch local user passwd
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- RE: getent passwd only catch local user passwd
  - From: Yingbo Li <YLi28@ra.rockwell.com>
- Re: getent passwd only catch local user passwd
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- RE: getent passwd only catch local user passwd
  - From: Yingbo Li <YLi28@ra.rockwell.com>

Prev by Date: Re: getent passwd only catch local user passwd
Next by Date: Re: Significance of name forms.
Index(es):
- Chronological
- Thread