I’m running a 389DS LDAPS server (with self-signed certificates) on a Fedora 30 remote machine called “miservidor.midominio.local”. There I have a typical directory containing user and group entries.
I can retrieve directory data from another Fedora 30 machine (the client’s one) without any problem. For instance, executing this command (“usu1ldap” is the name of an user located inside a “usuarios” organizationalunit)…:
LDAPTLS_REQCERT=never ldapsearch -H ldaps://miservidor.midominio.local -b “dc=midominio,dc=local” uid=usu1ldap
But I want to use “usu1ldap” to login in client machine. So I’ve configured /etc/sssd/sssd.conf file in client machine like this…:
…I’ve executed sudo authselect select sssd to configure NSS/PAM accordingly and finally I’ve restarted sssd service.
However, something doesn’t work: getent passwd doesn’t show “usu1ldap” user and, obviously, id usu1ldap retrieves “unknown user”.
What am I doing wrong? I’m a bit desperated…I’ve tried to grasp sssd’s log files but without any clue.
Thanks a lot for your patience.
NOTE: Notice that in sssd.conf file I’ve had to put in ldap_default_bind_dn and ldap_default_authtok lines the name and password of directory’s manager user respectively because my 389DS server by default doesn’t allow anonymous queries and I don’t know how to change this (yet).