SSS/SSSD LDAP pain RHEL6
So I'm trying out RHEL6 as the install for my new NFS server.
All is going well, until it comes to getting LDAP user information. The new setup on RHEL6 is to use the SSS daemon. It is configured using authconfig.
My LDAP server requires TLS and a simple bind before it will return any user information, even the plain NSS lookups.
So, I thought that would mean just running this command:
authconfig --enableshadow --enablesssd --disablesssdauth --enablecache --enablelocauthorize --update
This results in:
[domain/LDAP]
id_provider = ldap
#auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://*****
ldap_search_base = *****
ldap_default_bind_dn = *****
ldap_default_authtok_type = password
ldap_default_authtok = ******
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
But after an /etc/init.d/sssd restart, user lookups still don't work:
id username
yields an error.
I found that you have to add this line to sssd.conf (authconfig doesn't write it, and it defaults to false, so sssd was trying a plain ldap:// connection that my server refuses):
ldap_id_use_start_tls = True
Grrrrr!
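As an added example, not part of the post: a small Python check that parses an sssd.conf in the shape authconfig produced above and flags an LDAP identity domain whose simple bind would travel over plain ldap:// because ldap_id_use_start_tls is missing (and, more generally, a ldap_tls_reqcert weaker than demand/hard). The hostname, DNs and bind password are placeholders.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample in the shape authconfig wrote above (trimmed); host, DNs
# and the bind password are placeholders, not values from the post.
SAMPLE_CONF = """[domain/LDAP]
id_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldap.example.invalid
ldap_search_base = dc=example,dc=invalid
ldap_default_bind_dn = cn=sssd-proxy,dc=example,dc=invalid
ldap_default_authtok_type = password
ldap_default_authtok = PLACEHOLDER-SECRET
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
"""
# The same file with the line the post says is missing.
FIXED_CONF = SAMPLE_CONF + "ldap_id_use_start_tls = True\n"
TRUE_WORDS = {"true", "yes", "1"}

def check_domain(section):
    """Findings for one [domain/...] section with id_provider = ldap."""
    findings = []
    # sssd's default for ldap_id_use_start_tls is false.
    start_tls = section.get("ldap_id_use_start_tls", "false").strip().lower() in TRUE_WORDS
    for uri in section.get("ldap_uri", "").split(","):  # sssd takes a comma-separated list
        uri = uri.strip()
        if urlsplit(uri).scheme.lower() == "ldap" and not start_tls:
            findings.append(f"{uri}: ldap:// without ldap_id_use_start_tls = True, "
                            "so the simple bind and ldap_default_authtok go out unencrypted")
    # sssd's default for ldap_tls_reqcert is hard; anything weaker skips certificate checks.
    if section.get("ldap_tls_reqcert", "hard").strip().lower() not in ("demand", "hard"):
        findings.append("ldap_tls_reqcert is not demand/hard: server certificate not verified")
    return findings

def check_sssd_conf(text):
    """Map each LDAP identity domain in an sssd.conf to its list of findings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: check_domain(cp[name]) for name in cp.sections()
            if name.startswith("domain/") and cp[name].get("id_provider") == "ldap"}

if __name__ == "__main__":
    for label, conf in (("as written by authconfig", SAMPLE_CONF), ("with the fix", FIXED_CONF)):
        print(label, check_sssd_conf(conf))
```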