Re: first time user

To: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Subject: Re: first time user

From: Kaveh Ehsani <kee2006@med.cornell.edu>

Date: Tue, 28 Jun 2016 13:09:10 +0000

Accept-language: en-US

Content-language: en-US

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=medcornell.onmicrosoft.com; s=selector1-med-cornell-edu; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=TYhp7MiX3C2+5VppLzs2r6nqcP8p7JSo8K9MMQUIyDU=; b=A9V7FymIFns4V9Io3+oA93iYINKm1SlM6Q/TocFK8v+5PXN6piacttbVlskGihLvbEgoMoB2uCvEedLdLp7QmottnxioR9qbgJT9Vm2Rnmqk3APEthfiXgMBT5f2CEZ+oAtflkXxjWBtzEx8K6OvUjTWZ/e34NlXCNzJjp/Z2oo=

In-reply-to: <75c6f884-b96a-cf19-c5d7-22dbacaceee9@ofd-z.niedersachsen.de>

References: <BY2PR06MB025BA12DC20BABC2CD2481BF8210@BY2PR06MB025.namprd06.prod.outlook.com>, <75c6f884-b96a-cf19-c5d7-22dbacaceee9@ofd-z.niedersachsen.de>

Spamdiagnosticmetadata: NSPM

Spamdiagnosticoutput: 1:99

Thread-index: AQHR0JFTC27UNQpnaESRHwJl/ntS85/+2gKAgAAA0d0=

Thread-topic: first time user

Well this is my sssd.conf file.

ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=comThis is the line that I think suppose to bind to ACL monitor and probably is the problem. Unless I am wrong.

[domain/default]

autofs_provider = ldap

ldap_schema = rfc2307bis

cache_credentials = True

debug_level = 9

id_provider = ldap

auth_provider = ldap

chpass_provider = ldap

ldap_uri = ldaps://provider.example.com

ldap_search_base = dc=example,dc=com

ldap_id_use_start_tls = True

#ldap_id_use_start_tls = False

ldap_tls_cacertdir = /etc/openldap/cacerts

ldap_tls_cacert = /etc/openldap/cacerts/ca.crt

ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=com

ldap_default_authtok_type = password

ldap_default_authtok = {SSHA}UJzXEfBudfu5U6IGzFlea0TjKUvxBtc/

[sssd]

services = nss, pam, autofs

config_file_version = 2

domains = default

debug_level = 999999999

[nss]

homedir_substring = /home

debug_level = 9

[pam]

debug_level = 9

From: openldap-technical <openldap-technical-bounces@openldap.org> on behalf of Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
Sent: Tuesday, June 28, 2016 9:04:15 AM
To: openldap-technical@openldap.org
Subject: Re: first time user

Kaveh,

Am 27.06.2016 um 18:36 Uhr schrieb Kaveh Ehsani:
> I am using this for the first time so if there are protocols to follow
> please let me know.
please, describte your problem in the subject as clear as possible!

> and try to run the same ldapmodify as:
>
>
> ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
> dn: olcDatabase={1}monitor,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {0}to *
>        by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
>        by dn.base="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" read
>        by anonymous search
> EOF
>
> and I get this error:
>
>
> ldap_start_tls: Can't contact LDAP server (-1)
What does an corresponding ldapsearch say?
You just posted what the client logged.
What does the server log say?
Does the server still run?

> I think my binding inside sssd.conf on the client side is incorrect for
> the newuser01 I have added to the ldapserver
>
> Useldap_default_bind_dn = cn=newuser01,dc=example,dc=com
I think your pure ldapmodify example here has nothing zu do with sssd.

Marc

References:

first time user
- From: Kaveh Ehsani <kee2006@med.cornell.edu>
Re: first time user
- From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>