
Re: Getting ldappasswd and PAM in the same page under CentOS 7



At Fri, 22 Sep 2017 16:34:44 +0200 m.wandel@t-online.de wrote:

> 
> Am 22.09.2017 um 15:45 schrieb Robert Heller:
> > At Fri, 22 Sep 2017 10:47:29 +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
> > 
> >>
> >> Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT)
> >> schrieb Robert Heller <heller@deepsoft.com>:
> >> [...]
> >>
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd)
> >>> Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
> >> [...]
> >>
> >> You should find out why operation 11 results in 0 entries.
> > 
> > Operation 11 *seems* to be fetching the uid, using self, which has write 
> > access, which implies read access, which seems to work just fine, using 
> > ldapsearch from the command line:
> > 
> > [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid
> > Enter LDAP Password: 
> > dn: uid=test2user,ou=People,dc=deepsoft,dc=com
> > uid: test2user
> > 
> > I don't know what is going on here.
> > 
> > Also: there is a "TLS negotiation failure" failure. I have not even enabled
> > TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it
> > disabled everywhere. I want to test things without messing with creating a SSL
> > Cert (none of this is anything close to a public facing production
> > environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf 
> > -- is there some other option I need to set?
> > 
> Ok, if you use auth_provider = ldap in your sssd, SSL/TLS is a must.
> IMHO it isn't possible to get it to work without.

Yesh :-(. Now I have to get the SSL/TLS working... I have a cert now, but it
is from my own CA and I am not sure how to get that to work...

> 

> 
> best regards
> Michael
> 
> > Is there any change that selinux is having any effect?  Selinux can be pesky 
> > at times.
> > 
> >>
> >> -Dieter
> >>
> >> -- 
> >> Dieter Klünter | Systemberatung
> >> http://sys4.de
> >> GPG Key ID: E9ED159B
> >> 53°37'09,95"N
> >> 10°08'02,42"E

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller@deepsoft.com       -- Webhosting Services
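The thread establishes two things: sssd with auth_provider = ldap will not send a password over an unencrypted channel (ldap_id_use_start_tls only governs identity lookups, so authentication still attempts STARTTLS and fails with "TLS negotiation failure" when the server cannot negotiate it), and the poster's server certificate is issued by a private CA that the client does not yet trust. The following /etc/sssd/sssd.conf [domain] fragment is an added example, not configuration from the thread or from the sssd project; the base DN and hostname are taken from the thread, while the domain name, the CA file path and the use of STARTTLS on port 389 (rather than ldaps:// on 636) are assumptions.

```ini
[sssd]
config_file_version = 2
services = nss, pam
domains = deepsoft

[domain/deepsoft]
id_provider = ldap
auth_provider = ldap
# Server and base DN as they appear in the thread; a plain ldap:// URI is
# fine because the connection is upgraded with STARTTLS before any bind.
ldap_uri = ldap://c764guest.deepsoft.com
ldap_search_base = dc=deepsoft,dc=com
# Also protect identity lookups, not just authentication.
ldap_id_use_start_tls = true
# Path is an assumption: the PEM certificate of the private CA that signed
# the slapd certificate. Without it the client cannot validate the server.
ldap_tls_cacert = /etc/openldap/certs/deepsoft-ca.crt
# "demand" (the default) rejects the connection if the server certificate does
# not chain to that CA. Setting this to "never" or "allow" makes the handshake
# succeed, but then any host that answers on the port can collect passwords.
ldap_tls_reqcert = demand
```

Before restarting sssd, the same trust can be checked from the command line with the OpenLDAP tools: put `TLS_CACERT /etc/openldap/certs/deepsoft-ca.crt` in /etc/openldap/ldap.conf and run `ldapsearch -ZZ -H ldap://c764guest.deepsoft.com -x -b '' -s base`; `-ZZ` makes the search fail outright if STARTTLS cannot be negotiated, which reproduces sssd's requirement independently of the PAM stack. On the server side, slapd must also have its certificate, key and the CA file configured (TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile), otherwise no client-side setting will help.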