Re: sssd can't find sudo users
I figured this out. Found this in slapd's log:
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=0 BIND dn="" method=128
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=0 RESULT tag=97 err=0 text=
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=1 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(&(objectClass=sudoRole)(cn=defaults))"
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=1 SEARCH RESULT tag=101 err=13 nentries=0 text=TLS confidentiality required
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=2 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(&(objectClass=sudoRole)(|(sudoUser=jschaeffer)(sudoUser=%jschaeffer)(sudoUser=%#5000)(sudoUser=%administrator)(sudoUser=%sftp-users)(sudoUser=%wheel)(sudoUser=%#4000)(sudoUser=%#4001)(sudoUser=%#4002)(sudoUser=ALL)))"
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=2 SEARCH RESULT tag=101 err=13 nentries=0 text=TLS confidentiality required
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=3 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(&(objectClass=sudoRole)(sudoUser=*)(sudoUser=+*))"
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=3 SEARCH RESULT tag=101 err=13 nentries=0 text=TLS confidentiality required
I didn't have my /etc/ldap/ldap.conf file using start_tls, so it wouldn't connect with TLS. I updated the URI parameter in the file to:
URI ldap://baneling.harmonywave.com/????starttls
And it works now.
Thanks,
Joshua
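
The diagnosis in the post above, as an added example that is not part of the original message: a small Python parser that pairs each slapd request line with its result by conn/op and reports every search refused with err=13 (LDAP confidentialityRequired). The conn=1058 lines are copied from the post; the conn=1059 lines and the function name are constructed for illustration.

```python
import re

# conn=1058 lines are from the post; conn=1059 is a constructed successful search.
SAMPLE_LOG = '''\
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=0 BIND dn="" method=128
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=0 RESULT tag=97 err=0 text=
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=1 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(&(objectClass=sudoRole)(cn=defaults))"
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=1 SEARCH RESULT tag=101 err=13 nentries=0 text=TLS confidentiality required
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=3 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(&(objectClass=sudoRole)(sudoUser=*)(sudoUser=+*))"
Feb 20 23:27:19 baneling slapd[22588]: conn=1058 op=3 SEARCH RESULT tag=101 err=13 nentries=0 text=TLS confidentiality required
Feb 20 23:30:02 baneling slapd[22588]: conn=1059 op=1 SRCH base="ou=SUDOers,dc=harmonywave,dc=com" scope=2 deref=0 filter="(objectClass=sudoRole)"
Feb 20 23:30:02 baneling slapd[22588]: conn=1059 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)")
CONFIDENTIALITY_REQUIRED = 13  # LDAP result code confidentialityRequired

def rejected_cleartext_ops(log_text):
    """Return one record per operation slapd refused with err=13."""
    binds, searches, findings = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            if dn:
                binds[conn] = dn[1]  # empty string means anonymous bind
        elif kind == "SRCH":
            base = re.search(r'base="([^"]*)"', rest)
            filt = re.search(r'filter="(.*)"', rest)
            if base:  # ignore SRCH lines that carry no base
                searches[(conn, op)] = (base[1], filt[1] if filt else None)
        else:  # RESULT or SEARCH RESULT
            err = re.search(r"\berr=(\d+)", rest)
            if err and int(err[1]) == CONFIDENTIALITY_REQUIRED:
                base, filt = searches.get((conn, op), (None, None))
                text = re.search(r"\btext=(.*)$", rest)
                findings.append({"conn": conn, "op": op,
                                 "bind_dn": binds.get(conn), "base": base,
                                 "filter": filt, "text": text[1] if text else ""})
    return findings

if __name__ == "__main__":
    for f in rejected_cleartext_ops(SAMPLE_LOG):
        who = "anonymous" if f["bind_dn"] == "" else f["bind_dn"]
        print(f'conn={f["conn"]} op={f["op"]} bind={who} base={f["base"]} -> {f["text"]}')
```
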