On 30/04/2015 17:09, Yingbo Li wrote:
> It looks like binddn and bindpw should be set. It seems that the IT LDAP server requests binddn and bindpw for the getent operation. In my local test env, the LDAP server did request binddn and bindpw from the LDAP client getent operation. It works. But Howard Chu said that in OpenLDAP, the ldap.conf file cannot set binddn and bindpw. With ldapsearch I can use -D -w to set binddn and bindpw. What else can I do to make getent work?
ldap.conf doesn't come into it. You need to tell sssd how to bind to your LDAP server.
Use the following three directives in sssd.conf within your [domain/default] section:
ldap_default_bind_dn = <dn to bind as>
ldap_default_authtok_type = password
ldap_default_authtok = <dn password>
Look at the man page for sssd.conf for more information about these.
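
Added example, not part of the original message: a small Python check that a domain section of sssd.conf carries the three bind directives named above, that placeholders were replaced, and that the file holding the bind password is not readable by group or other. The function names, the sample DN and the sample password are constructed for illustration.

```python
import configparser
import os
import stat

REQUIRED = ("ldap_default_bind_dn", "ldap_default_authtok_type",
            "ldap_default_authtok")


def check_sssd_bind(conf_text, section="domain/default", mode=None):
    """Return a list of findings for the bind settings of one sssd domain."""
    # Split on "=" only and disable interpolation: DNs contain "=" and
    # passwords may contain "%".
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    if not cp.has_section(section):
        return ["section [%s] not found" % section]
    dom = cp[section]
    findings = ["%s is not set" % k for k in REQUIRED
                if not dom.get(k, "").strip()]
    for k in REQUIRED:
        if dom.get(k, "").strip().startswith("<"):
            findings.append("%s still holds a placeholder" % k)
    dn = dom.get("ldap_default_bind_dn", "").strip()
    if dn and not dn.startswith("<") and "=" not in dn:
        findings.append("ldap_default_bind_dn does not look like a DN")
    # With authtok_type "password" the bind password is stored in clear
    # text, so any group/other permission bit on the file is a finding.
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append("file is accessible by group/other")
    return findings


def check_sssd_file(path, section="domain/default"):
    """Read a real sssd.conf and check it, including its file mode."""
    with open(path) as fh:
        return check_sssd_bind(fh.read(), section, os.stat(path).st_mode)


# Constructed sample input (not taken from the thread).
SAMPLE_OK = """[domain/default]
ldap_default_bind_dn = cn=reader,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = constructed-secret
"""

if __name__ == "__main__":
    print(check_sssd_bind(SAMPLE_OK, mode=0o100600))
```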