Check the permissions on your certificates. I've had this happen a couple of times and it was due to the ldap user not being able to read the certificate on start up. If they are wrong, correct them and restart slapd.

Matt
Hi.

I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.

The problem I'm having is I get this error message in the messages file:

"sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file"

I started sssd with debugging set to 9. Errors I saw in sssd_default.log are:

[dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1
[get_port_status] (0x1000): Port status of port 389 for server 'ibm-01.flamengro.co.za' is 'not working'

When I add new users I cannot log in with the new names; an ldapsearch shows them but getent passwd shows nothing. Not all the users show up on my other machines either.

Any help will be appreciated.
My slapd.conf file looks like this.

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "dc=flamengro,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=flamengro,dc=com"
rootpw secret
directory /var/lib/ldap/flamengro

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

database monitor
access to *
    by dn.exact="cn=Manager,dc=flamengro,dc=com" read
    by * none

access to attrs=userPassword,shadowLastChange
    by anonymous auth
    by self write
    by * none
My sssd.conf file looks like this

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_id_use_start_tls = True
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com