On Thu, Apr 30, 2015 at 04:09:23PM +0000, Yingbo Li wrote:
(Thu Apr 30 10:17:56 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed o n the connection., data 0, v1db1 (Thu Apr 30 10:17:56 2015) [sssd[be[default]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/ output error
It looks like binddn and bindpw should be set.
Exactly.
But Howard Chu said in OpenLDAP, ldap.conf file cannot set binddn and bindpw. Ldapsearch I can use -D -w to set binddn and bindpw. What else can I do to make getent work?
It is SSSD that is making the LDAP connection, so you should be setting the DN and password in sssd.conf - look for the domain/default section and set values for:
ldap_default_bind_dn ldap_default_authtok
You should check first with ldapsearch to make sure that the DN and password are valid and that they allow you to do the searches that SSSD will need.
Andrew