Well this is my sssd.conf file. 


ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=comThis is the line that I think suppose to bind to ACL monitor and probably is the problem. Unless I am wrong.


[domain/default]


autofs_provider = ldap

ldap_schema = rfc2307bis

cache_credentials = True

debug_level = 9


id_provider = ldap

auth_provider = ldap

chpass_provider = ldap


ldap_uri = ldaps://provider.example.com

ldap_search_base = dc=example,dc=com


ldap_id_use_start_tls = True

#ldap_id_use_start_tls = False


ldap_tls_cacertdir = /etc/openldap/cacerts

ldap_tls_cacert = /etc/openldap/cacerts/ca.crt


ldap_default_bind_dn = uid=newuser01,ou=people,dc=example,dc=com

ldap_default_authtok_type = password

ldap_default_authtok = {SSHA}UJzXEfBudfu5U6IGzFlea0TjKUvxBtc/


[sssd]

services = nss, pam, autofs

config_file_version = 2


domains = default

debug_level = 999999999

[nss]

homedir_substring = /home



debug_level = 9


[pam]

debug_level = 9



From: openldap-technical <openldap-technical-bounces@openldap.org> on behalf of Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
Sent: Tuesday, June 28, 2016 9:04:15 AM
To: openldap-technical@openldap.org
Subject: Re: first time user
 
Kaveh,

Am 27.06.2016 um 18:36 Uhr schrieb Kaveh Ehsani:
> I am using this for the first time so if there are protocols to follow
> please let me know.
please, describte your problem in the subject as clear as possible!

> and try to run the same ldapmodify as:
>
>
> ldapmodify -H ldapi:/// -x -D "cn=config" -W <<EOF
> dn: olcDatabase={1}monitor,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {0}to *
>        by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
>        by dn.base="cn=Manager,dc=${MYDOMAIN},dc=${MYTLD}" read
>        by anonymous search
> EOF
>
> and I get this error:
>
>
> ldap_start_tls: Can't contact LDAP server (-1)
What does an corresponding ldapsearch say?
You just posted what the client logged.
What does the server log say?
Does the server still run?

> I think my binding inside sssd.conf on the client side is incorrect for
> the newuser01 I have added to the ldapserver
>
> Useldap_default_bind_dn = cn=newuser01,dc=example,dc=com
I think your pure ldapmodify example here has nothing zu do with sssd.


Marc