SSS/SSSD LDAP pain RHEL6

So I'm trying out RHEL6 to install on my new NFS server.

All is going well, until it comes to getting LDAP user information. The new setup on RHEL6 is to use the SSS daemon. It is configured using authconfig.

My LDAP database requires TLS, and simple binding to get any user information, including just NSS related stuff.

So, I thought that would mean just running this command:

authconfig --enableshadow --enablesssd --disablesssdauth --enablecache --enablelocauthorize --update

This results in:


[domain/LDAP]
id_provider = ldap
#auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://*****
ldap_search_base = *****
ldap_default_bind_dn = *****
ldap_default_authtok_type = password
ldap_default_authtok = ******
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

But, doing a /etc/init.d/sssd restart doesn't make user information work.

id username

yields an error.

I found that you have to include the line in sssd.conf

ldap_id_use_start_tls = True

Grrrrr!

Comments

Popular posts from this blog

Renewing Puppet CA and puppet master certificates

Compiling tun.ko for Android - OpenVPN

Preseeding Ubuntu Natty 11.04