Hi Cristiane,
Here are some things I noticed.
On 02/18/2013 07:01 PM, Cristiane França wrote:
Hi, I have an authentication problem with my CentOS 6.3 server, on which LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) are installed. The LDAP server is working fine, but the integration between LDAP + SSSD has a problem because it cannot authenticate the user on the server.
Can anyone help me identify the problem? I've revised all the configuration and found nothing wrong.
::::: slapd.conf :::::
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
Iirc the Red Hat/CentOS OpenLDAP RPM expects the certificates to be in /etc/openldap/certs.
directory /database/ldap
Iirc the Red Hat/CentOS OpenLDAP RPM expects the LDAP database to be in /var/lib/ldap.
ldap_tls_cacertdir = /etc/openldap/cacerts
This location differs from the one configured at the top.
If you are using non-standard locations for various things then you may bump into SELinux AVCs. Have you checked /var/log/audit/audit.log to see if there are any SELinux issues? Does the problem still exist when you temporarily disable SELinux with setenforce 0?
Regards, Patrick
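
The audit.log check suggested above, as an added example that is not part of the original message: a small shell function that counts SELinux AVC denials per daemon, permission and target type. The function names, the default daemon filter and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for the LDAP/SSSD daemons.

# Constructed audit.log lines (not taken from the poster's system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1361224860.101:310): avc:  denied  { write } for  pid=2101 comm="slapd" name="ldap" dev=dm-0 ino=131 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1361224860.205:311): avc:  denied  { write } for  pid=2101 comm="slapd" name="ldap" dev=dm-0 ino=131 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1361224860.205:311): arch=c000003e syscall=2 success=no exit=-13 comm="slapd" exe="/usr/sbin/slapd"
type=AVC msg=audit(1361224871.300:312): avc:  denied  { read } for  pid=2240 comm="sssd_be" name="cacerts" dev=dm-0 ino=977 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1361224880.000:313): avc:  denied  { getattr } for  pid=3000 comm="httpd" name="index.html" dev=dm-0 ino=55 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# avc_summary FILE|- [COMM_REGEX]
# Prints "count comm permission target_type tclass name", most frequent first.
avc_summary() {
    pat=${2:-}
    [ -n "$pat" ] || pat='^(slapd|sssd.*)$'   # assumed default: LDAP and SSSD processes
    awk -v want="$pat" '
    # Return the value of key=... from the current record, quotes stripped.
    function field(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    /type=AVC/ && /denied/ {
        comm = field("comm")
        if (comm !~ want) next
        perm = $0                              # permissions sit between { and }
        sub(/^.*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
        split(field("tcontext"), t, ":")       # user:role:type:level
        n[comm " " perm " " t[3] " " field("tclass") " " field("name")]++
    }
    END { for (k in n) print n[k], k }
    ' "${1:--}" | sort -k1,1nr -k2
}

sample_log | avc_summary -
```

On the affected host, run `avc_summary /var/log/audit/audit.log` as root. A target type such as `default_t` on a relocated database or certificate directory points to a labelling problem rather than an LDAP or SSSD misconfiguration.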