Hi.
I am using RHEL 6.3 with sssd-1.8.0 and openldap-servers-2.4.23-26; the kernel is 2.6.32-279.2.1.el6.x86_64. The problem is that I get this error message in the messages file:
"sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file"
I started sssd with debugging set to 9. The errors I saw in sssd_default.log are:
[dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1
[get_port_status] (0x1000): Port status of port 389 for server 'ibm-01.flamengro.co.za' is 'not working'
When I add new users I cannot log in with the new names; an ldapsearch shows them, but getent passwd returns nothing. Not all the users show up on my other machines either.
Any help will be appreciated.
My slapd.conf file looks like this.
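# slapd.conf as posted, restored to one directive per line. The "/" that
# wrapped the paste was a markup delimiter and is not part of the file.
#
# NOTE(review): on RHEL 6, slapd normally reads /etc/openldap/slapd.d
# (cn=config) in preference to this file; confirm which one the running
# server actually uses.

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

# NOTE(review): accepts legacy LDAPv2 bind requests. Drop this unless a
# client that cannot speak LDAPv3 still depends on it.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# NOTE(review): no TLS directives (TLSCACertificateFile or
# TLSCACertificatePath, TLSCertificateFile, TLSCertificateKeyFile) appear
# anywhere in this listing. If that is the whole file, the server has no
# certificate to present, and a client that requests StartTLS on port 389
# (sssd.conf sets ldap_id_use_start_tls = True) cannot complete the
# handshake. Without TLS, simple binds also carry passwords in clear text.

database bdb
suffix "dc=flamengro,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=flamengro,dc=com"
# NOTE(review): the rootdn password is stored in clear text. Store a hash
# produced by slappasswd instead, e.g.
#   rootpw {SSHA}<hash-from-slappasswd>
# keep this file readable only by root and the ldap user, and change the
# password if the value shown here was ever the real one.
rootpw secret
directory /var/lib/ldap/flamengro

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# NOTE(review): "access" directives belong to the database declared above
# them, and within a database the first matching "access to" clause wins.
# As ordered in this listing, both rules below attach to the monitor
# database and the userPassword rule sits behind "access to *", so it is
# never reached. The bdb database above then has no ACL of its own; with no
# global ACL either, slapd falls back to read access for everyone, which
# would expose userPassword hashes to anonymous searches. Confirm against
# the real file, and place the userPassword rule inside the bdb database
# section, ahead of any broader rule.
database monitor
access to *
    by dn.exact="cn=Manager,dc=flamengro,dc=com" read
    by * none
access to attrs=userPassword,shadowLastChange
    by anonymous auth
    by self write
    by * none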
My sssd.conf file looks like this:
[sssd]
config_file_version = 2
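# Remainder of the [sssd] section, then the service and domain sections,
# restored to one option per line. In the collapsed paste each "# krb5_..."
# comment swallowed the options that followed it on the same line.
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
auth_provider = ldap
cache_credentials = True
# StartTLS is requested on the plain ldap:// URI below (port 389). SSSD will
# not send LDAP authentication over an unencrypted channel, so the server
# has to offer a working certificate before lookups and logins can succeed.
ldap_id_use_start_tls = True
# NOTE(review): level 9 is for troubleshooting; lower it once the problem
# is resolved, since the debug logs are verbose.
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
# NOTE(review): this directory must hold the CA certificate that signed the
# LDAP server's certificate, under its hashed file name (cacertdir_rehash).
# Do not work around a handshake failure by relaxing ldap_tls_reqcert; that
# removes the check that the client is talking to the genuine server.
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com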