Hi, I have an authentication problem with my CentOS 6.3 server, on which LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) are installed. The LDAP server is working fine, but the integration between LDAP and SSSD has a problem: it cannot authenticate the user on the server.
Can anyone help me identify the problem? I've reviewed all the configuration and found nothing wrong.
::::: slapd.conf :::::
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

allow bind_v2
pidfile /var/run/openldap/slapd.pid

TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem

access to *
    by self write
    by users auth
    by anonymous read

database bdb
suffix "dc=domain,dc=com,dc=br"
checkpoint 1024 15
rootdn "cn=Manager,dc=domain,dc=com,dc=br"
rootpw xxxxxxxxxx
directory /database/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
loglevel 768
::::: sssd.conf :::::
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
debug_level = 8

[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
krb5_realm = EXAMPLE.COM
cache_credentials = True
debug_timestamps = True
ldap_default_authtok_type = password
ldap_search_base = dc=domain,dc=com,dc=br
debug_level = 9
id_provider = ldap
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
min_id = 100
ldap_uri = ldap://localhost/
krb5_kdcip = kerberos.example.com
ldap_default_authtok = xxxxxxxxxx
ldap_tls_cacertdir = /etc/openldap/cacerts
:::: nsswitch.conf :::::
passwd:     files sss
shadow:     files sss
group:      files sss
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files sss
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus
LOG:
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH base="dc=domain,dc=com,dc=br" scope=2 deref=0 filter="(&(uid=cristiane)(objectClass=posixAccount))"
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SEARCH RESULT tag=101 err=32 nentries=0 text=
Thanks Cristiane
Hi Cristiane,
Here are some things I noticed.
On 02/18/2013 07:01 PM, Cristiane França wrote:
> Hi, I have an authentication problem with my CentOS 6.3 server, on which LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) are installed. The LDAP server is working fine, but the integration between LDAP and SSSD has a problem: it cannot authenticate the user on the server.
> Can anyone help me identify the problem? I've reviewed all the configuration and found nothing wrong.
>
> ::::: slapd.conf :::::
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/misc.schema
>
> allow bind_v2
> pidfile /var/run/openldap/slapd.pid
>
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
Iirc the Red Hat/CentOS OpenLDAP RPM expects the certificates to be in /etc/openldap/certs.
> directory /database/ldap
Iirc the Red Hat/CentOS OpenLDAP RPM expects the LDAP database to be in /var/lib/ldap.
> ldap_tls_cacertdir = /etc/openldap/cacerts
This location differs from the one configured at the top.
If you are using non-standard locations for various things then you may bump into SELinux AVCs. Have you checked /var/log/audit/audit.log to see if there are any SELinux issues? Does the problem still exist when you temporarily disable SELinux with setenforce 0?
Regards,
Patrick
openldap-technical@openldap.org
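As an added illustration of the checks raised in this thread (example code written for this page, not something either poster ran), the POSIX shell script below bundles three helpers. `classify_slapd_result` reads the `err=` and `nentries=` fields of a slapd SEARCH RESULT line; LDAP result code 32 is noSuchObject, so an `err=32 nentries=0` result like the one in the posted log means the search base DN itself was not found, which is a different condition from a base that exists but matches no entry (`err=0 nentries=0`). `sssd_tls_findings` flags the settings in the posted sssd.conf that weaken security: `ldap_tls_reqcert = never`, a plain `ldap://` URI with `ldap_id_use_start_tls = False`, and a bind DN equal to the directory rootdn, which also leaves the rootdn password sitting in sssd.conf. `avc_denials` counts SELinux denials for `slapd` or `sssd_be` in audit.log-format lines, the check Patrick suggests. The sample config, the sample audit lines and every path are constructed for the example. One point the script does not check: the posted `access to *` ACL ends with `by anonymous read`, and with no earlier rule for `attrs=userPassword` that grants anonymous read access to every attribute, password hashes included.

```shell
#!/bin/sh
# Added example (not from either poster): three checks for a slapd + SSSD setup
# like the one in this thread. All paths and sample lines below are constructed
# for illustration; substitute the real files on the server.

# --- 1. Read the LDAP result code out of a slapd "SEARCH RESULT" log line ------
# err=32 (noSuchObject) with nentries=0 means the search *base* was not found,
# which differs from "base exists, filter matched nothing" (err=0, nentries=0)
# or a rejected bind (err=49).
classify_slapd_result() {
    err=$(printf '%s\n' "$1" | sed -n 's/.* err=\([0-9]*\).*/\1/p')
    nentries=$(printf '%s\n' "$1" | sed -n 's/.* nentries=\([0-9]*\).*/\1/p')
    case "$err" in
        32) echo "noSuchObject: search base does not exist in the directory" ;;
        49) echo "invalidCredentials: bind DN or password rejected" ;;
        50) echo "insufficientAccessRights: ACL denied the operation" ;;
        0)  if [ "${nentries:-0}" -eq 0 ]; then
                echo "success but no entries: base exists, filter matched nothing"
            else
                echo "success: $nentries entries returned"
            fi ;;
        *)  echo "other result code: err=${err:-unknown}" ;;
    esac
}

# --- 2. Flag SSSD LDAP settings that weaken transport or credential security --
# conf_value FILE KEY -> value of the first "KEY = value" line, trailing blanks removed
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# sssd_tls_findings FILE ROOTDN -> one finding per line (no output = nothing flagged)
sssd_tls_findings() {
    uri=$(conf_value "$1" ldap_uri)
    reqcert=$(conf_value "$1" ldap_tls_reqcert)
    starttls=$(conf_value "$1" ldap_id_use_start_tls)
    binddn=$(conf_value "$1" ldap_default_bind_dn)
    case "$uri" in
        ldaps://*) ;;                       # TLS from the first byte
        *) case "$starttls" in
               [Tt]rue) ;;                  # StartTLS requested on the plain port
               *) echo "cleartext: ldap_uri=$uri and ldap_id_use_start_tls is not True" ;;
           esac ;;
    esac
    case "$reqcert" in
        never|allow) echo "no certificate verification: ldap_tls_reqcert=$reqcert" ;;
    esac
    if [ -n "$binddn" ] && [ "$binddn" = "$2" ]; then
        echo "SSSD binds as the rootdn: ldap_default_bind_dn=$binddn (its password is stored in sssd.conf)"
    fi
}

# --- 3. Count SELinux AVC denials for slapd or the SSSD LDAP backend ----------
# avc_denials FILE -> number of audit.log lines that are AVC denials for slapd/sssd_be
avc_denials() {
    grep -E -c 'avc: +denied .*comm="(slapd|sssd_be)"' "$1" || true
}

# --- Constructed sample data (modelled on the thread, not copied from a real host)
SAMPLE_SLAPD_LINE='Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SEARCH RESULT tag=101 err=32 nentries=0 text='

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_SSSD_CONF="$SAMPLE_DIR/sssd.conf"
SAMPLE_AUDIT_LOG="$SAMPLE_DIR/audit.log"

cat > "$SAMPLE_SSSD_CONF" <<'EOF'
[domain/default]
id_provider = ldap
ldap_uri = ldap://localhost/
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
ldap_default_authtok = xxxxxxxxxx
EOF

cat > "$SAMPLE_AUDIT_LOG" <<'EOF'
type=AVC msg=audit(1361217001.512:4021): avc:  denied  { read } for  pid=16064 comm="slapd" name="ldap" dev=dm-0 ino=262145 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=USER_AUTH msg=audit(1361217002.001:4022): pid=2048 uid=0 auid=500 ses=1 msg='op=PAM:authentication acct="cristiane" exe="/bin/su" res=failed'
type=AVC msg=audit(1361217003.777:4023): avc:  denied  { read } for  pid=3010 comm="sssd_be" name="cacerts" dev=dm-0 ino=262200 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
EOF

echo "slapd result : $(classify_slapd_result "$SAMPLE_SLAPD_LINE")"
echo "sssd findings:"
sssd_tls_findings "$SAMPLE_SSSD_CONF" 'cn=Manager,dc=domain,dc=com,dc=br'
echo "AVC denials  : $(avc_denials "$SAMPLE_AUDIT_LOG")"
```

On the real server, point `sssd_tls_findings` at /etc/sssd/sssd.conf with the rootdn from slapd.conf, `avc_denials` at /var/log/audit/audit.log, and feed `classify_slapd_result` the SEARCH RESULT lines from the slapd log; if the AVC count is non-zero, `ausearch -m avc -c slapd` will show the denied paths, which is where non-default locations such as /database/ldap and /etc/openldap/cacerts tend to surface.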