Re: Getting ldappasswd and PAM in the same page under CentOS 7



At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter <dieter@dkluenter.de> wrote:

> 
> Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT)
> schrieb Robert Heller <heller@deepsoft.com>:
> [...]
> 
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
> > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
> [...]
> 
> You should find out why operation 11 results in 0 entries.

Operation 11 *seems* to be fetching the uid, using self, which has write 
access, which implies read access, which seems to work just fine, using 
ldapsearch from the command line:

[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
Enter LDAP Password: 
dn: uid=test2user,ou=People,dc=deepsoft,dc=com
uid: test2user

I don't know what is going on here.

Also: there is a "TLS negotiation failure" failure. I have not even enabled
TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
disabled everywhere. I want to test things without messing with creating an SSL
Cert (none of this is anything close to a public-facing production
environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf 
-- is there some other option I need to set?

Is there any chance that SELinux is having any effect?  SELinux can be pesky 
at times.

> 
> -Dieter
> 
> -- 
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller@deepsoft.com       -- Webhosting Services