Where do I specify the Bind DN and password for sss+ldap?


Solution 1

You have to create a [domain] section in /etc/sssd/sssd.conf.

You could trawl through

man sssd-ldap

But it's quite a behemoth! This should get you started. Not all directives here will be needed, depending on your environment.

[domain/default]
# Identity, authentication and password changes all come from LDAP
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://<FQDN of LDAP Server>/
ldap_search_base = dc=domain,dc=com,dc=br
# Credentials SSSD binds with for lookups; omit them to bind anonymously
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxxxx
# TLS: the next two lines disable STARTTLS and certificate checking, so the
# bind above travels in cleartext over a plain ldap:// connection
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
ldap_tls_cacertdir = /etc/openldap/cacerts
# Only relevant if Kerberos is also in play
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
min_id = 100
cache_credentials = True
debug_level = 3
debug_timestamps = True

Solution 2

You can configure SSSD using the following command:

authconfig --enablesssd \
--enablesssdauth \
--enablelocauthorize \
--enableldap \
--enableldapauth \
--ldapserver=ldap://ipaserver.example.com:389 \
--disableldaptls \
--ldapbasedn=dc=example,dc=com \
--enablerfc2307bis \
--enablemkhomedir \
--enablecachecreds \
--update

Replace the ldapserver name with your LDAP server name and the basedn with your base DN.

After this, in the /etc/sssd/sssd.conf file, specify ldap_default_bind_dn and ldap_default_authtok as the default bind DN and password respectively; this depends upon your LDAP setup.
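Both answers end up putting ldap_default_bind_dn and ldap_default_authtok into sssd.conf, so here is an added POSIX shell check (my own code, not from either answer; the function names get_directive and audit_sssd_conf are mine) that reads those directives back out of the [domain/...] section and flags the two things that usually go wrong: the bind password left in cleartext (ldap_default_authtok_type defaults to password when unset) and a file mode other than 0600.

```shell
#!/bin/sh
# Audit how an sssd.conf stores its LDAP bind credentials.

# Print the value of directive $2 from the first [domain/...] section of $1.
# Splits on the first '=' only, so DN values such as cn=Manager,dc=example,dc=com survive.
get_directive() {
    awk -v key="$2" '
        /^[ \t]*\[domain\//   { in_domain = 1; next }
        /^[ \t]*\[/           { in_domain = 0 }
        in_domain && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Report on file $1; returns 0 when nothing needs attention, 1 otherwise.
audit_sssd_conf() {
    f="$1"; rc=0
    # sssd refuses to start unless the file is root-owned and mode 0600,
    # and that mode is what keeps the bind password away from local users.
    mode=$(ls -ld "$f" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "WARN: $f has mode $mode, expected -rw------- (0600)"; rc=1
    fi
    dn=$(get_directive "$f" ldap_default_bind_dn)
    tok=$(get_directive "$f" ldap_default_authtok)
    typ=$(get_directive "$f" ldap_default_authtok_type)
    if [ -z "$dn" ]; then
        echo "INFO: no ldap_default_bind_dn set; SSSD will bind anonymously"
    elif [ -z "$tok" ]; then
        echo "WARN: ldap_default_bind_dn set but ldap_default_authtok is missing"; rc=1
    elif [ "${typ:-password}" = "password" ]; then
        # ldap_default_authtok_type defaults to 'password' (cleartext) when unset
        echo "WARN: bind password for $dn is stored in cleartext; consider sss_obfuscate"; rc=1
    else
        echo "OK: binding as $dn with a $typ credential"
    fi
    return $rc
}
```

Run it as `audit_sssd_conf /etc/sssd/sssd.conf` as root; a non-zero exit means at least one finding was printed.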


Author: Nick. Updated on September 18, 2022.

Comments

  • Nick (over 1 year ago)

    I'm trying sssd for LDAP authentication, and while it can show user IDs with the id command, getent group and getent passwd do not show LDAP names, and while I can chown files to ldap users, they ls -lah as nobody.

    A bit of digging and I found a hint: that this problem may occur when binding LDAP anonymously.

    But when I set up sss, there was no option to supply a bind DN or password. I was also unable to locate the correct directive in the manual.

    Where do I specify the Bind DN and password for sss+ldap? Does it go in /etc/sssd/sssd.conf? Or another file?

  • Balaji Boggaram Ramanarayan (over 6 years ago)
    Is it safe to use clear passwords in a flat file? I would imagine, at least obfuscated makes more meaning. The sssd tools package provides utilities to obfuscate clear passwords. Just a thought.