Check the permissions on your certificates. I've had this happen a couple of times
and it was due to the ldap user not being able to read the certificate on start up. If
they are wrong, correct them and restart slapd.
Matt
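To turn the advice above into a repeatable check, here is an added example (not from the thread): a POSIX shell script that tests, from the mode bits, whether the account slapd drops to (assumed here to be ldap, the RHEL default) can read each TLS file, including search permission on every parent directory. It assumes Linux with GNU coreutils (stat -c); the paths in the usage comment are placeholders to be replaced with the TLS* directives from your slapd.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether a given user can read the
# files slapd opens at start-up (CA cert, server cert, private key).
# Assumes Linux and GNU coreutils (stat -c). The service user "ldap" is an
# assumption (RHEL default); adjust if your slapd runs as something else.

# perm_bit_for USER PATH BIT -> 0 if USER holds permission BIT (4=r, 2=w, 1=x)
# on PATH according to the mode bits; root is treated as always permitted.
perm_bit_for() {
    user=$1; path=$2; bit=$3
    uid=$(id -u "$user" 2>/dev/null) || return 1     # unknown user
    [ -e "$path" ] || return 1                         # missing path
    [ "$uid" = 0 ] && return 0                         # root ignores mode bits
    set -- $(stat -c '%a %u %g' "$path")               # octal mode, owner uid, gid
    mode=$(printf '%s' "$1" | tail -c 3); owner=$2; group=$3
    if [ "$owner" = "$uid" ]; then
        digit=$(printf '%s' "$mode" | cut -c1)         # owner triplet
    elif id -G "$user" | tr ' ' '\n' | grep -qx "$group"; then
        digit=$(printf '%s' "$mode" | cut -c2)         # group triplet
    else
        digit=$(printf '%s' "$mode" | cut -c3)         # other triplet
    fi
    [ $((digit & bit)) -ne 0 ]
}

# readable_by USER FILE -> 0 if USER can open FILE for reading: every parent
# directory must be searchable (x) and the file itself readable (r).
readable_by() {
    dir=$(dirname "$2")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        perm_bit_for "$1" "$dir" 1 || return 1
        dir=$(dirname "$dir")
    done
    perm_bit_for "$1" "$2" 4
}

# check_slapd_tls_files USER FILE... -> one line per file; returns 1 if any fails.
check_slapd_tls_files() {
    svc=$1; shift; rc=0
    for f in "$@"; do
        if readable_by "$svc" "$f"; then
            echo "OK   $svc can read $f"
        else
            echo "FAIL $svc cannot read $f (fix owner/mode, then restart slapd)"; rc=1
        fi
    done
    return $rc
}

# Usage (placeholder paths; take the real ones from the TLS* lines in slapd.conf):
# check_slapd_tls_files ldap /etc/openldap/certs/ca.crt /etc/openldap/certs/slapd.key
```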
________________________________
From: openldap-technical-bounces(a)openldap.org
[mailto:openldap-technical-bounces@openldap.org] On Behalf Of Chris
Sent: Thursday, 26 July 2012 8:56 PM
To: openldap-technical(a)openldap.org
Subject: Openldap Problem
Hi.
I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the kernel is
2.6.32-279.2.1.el6.x86_64.
The problem I'm having is I get this error message in messages file.
"sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file"
I started sssd with debugging set to 9. Errors I saw in sssd_default.log is:
[dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1
[get_port_status] (0x1000): Port status of port 389 for server 'ibm-01.flamengro.co.za' is 'not working'
When I add new users I cannot log in with the new names; an ldapsearch shows them but getent passwd shows nothing.
Not all the users show up on my other machines either.
Any help will be appreciated.
My slapd.conf file looks like this.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=flamengro,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=flamengro,dc=com"
rootpw secret
directory /var/lib/ldap/flamengro
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
access to *
by dn.exact="cn=Manager,dc=flamengro,dc=com" read
by * none
access to attrs=userPassword,shadowLastChange
by anonymous auth
by self write
by * none
My sssd.conf file looks like this
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_id_use_start_tls = True
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com