
Re: Getting ldappasswd and PAM in the same page under CentOS 7



On 22.09.2017 at 15:45, Robert Heller wrote:
> At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
> 
>>
>> On Thu, 21 Sep 2017 10:01:48 -0400 (EDT)
>> Robert Heller <heller@deepsoft.com> wrote:
>> [...]
>>
>>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
>>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
>>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
>>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
>> [...]
>>
>> You should find out why operation 11 results in 0 entries.
> 
> Operation 11 *seems* to be fetching the uid, using self, which has write 
> access, which implies read access, which seems to work just fine, using 
> ldapsearch from the command line:
> 
> [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
> Enter LDAP Password: 
> dn: uid=test2user,ou=People,dc=deepsoft,dc=com
> uid: test2user
> 
> I don't know what is going on here.
> 
> Also: there is a "TLS negotiation failure" failure. I have not even enabled
> TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
> disabled everywhere. I want to test things without messing with creating a SSL
> Cert (none of this is anything close to a public facing production
> environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf 
> -- is there some other option I need to set?
> 
Ok, if you use auth_provider = ldap in your sssd, SSL/TLS is a must.
IMHO it isn't possible to get it to work without.


best regards
Michael

> Is there any chance that selinux is having any effect?  Selinux can be pesky 
> at times.
> 
>>
>> -Dieter
>>
>> -- 
>> Dieter Klünter | Systemberatung
>> http://sys4.de
>> GPG Key ID: E9ED159B
>> 53°37'09,95"N
>> 10°08'02,42"E
>>
>>                             
>>
>
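
Added example, not part of the original message or of sssd itself: a small Python check that reads an sssd.conf and reports domains that authenticate through LDAP without a usable TLS setup, following the reply's point that auth_provider = ldap needs SSL/TLS. The function name check_sssd_tls, the sample config, host name and base DN are constructed for illustration.

```python
import configparser

# Constructed sample (not the poster's actual sssd.conf); host and base DN are placeholders.
SAMPLE = """
[domain/default]
id_provider = ldap
ldap_uri = ldap://ldap.example.com/
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = false
"""

def check_sssd_tls(text):
    """Return (section, message) findings for domains that authenticate via LDAP."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # sssd.conf(5): auth_provider defaults to id_provider when unset.
        auth = dom.get("auth_provider", dom.get("id_provider", "")).strip().lower()
        if auth != "ldap":
            continue
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        if any(u.startswith("ldap://") for u in uris):
            findings.append((section, "ldap:// with LDAP auth: slapd must offer "
                                      "StartTLS, or use ldaps://"))
            if dom.get("ldap_id_use_start_tls", "").strip().lower() == "false":
                findings.append((section, "ldap_id_use_start_tls=false only affects "
                                          "the id_provider connection, not auth"))
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in ("never", "allow"):
            findings.append((section, "ldap_tls_reqcert=%s: server certificate "
                                      "is not enforced" % reqcert))
        elif not (dom.get("ldap_tls_cacert") or dom.get("ldap_tls_cacertdir")):
            findings.append((section, "no ldap_tls_cacert/ldap_tls_cacertdir: CA "
                                      "trust falls back to OpenLDAP defaults"))
    return findings

if __name__ == "__main__":
    for section, msg in check_sssd_tls(SAMPLE):
        print("%s: %s" % (section, msg))
```
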