Problem: Not able to list ldap users.
Hello,
I am setting up new LDAP authentication on our SuSE 12 test system. I am an LDAP newbie and following the instructions from the site https://www.port389.org/docs/389ds/howto/quickstart.html
I have successfully created 2 users, alice and eve, and added them to the memberof group as per the instructions.
Started ldap and could query ldap user details.
testsystem:~ # dsctl localhost status
Instance "localhost" is running
testsystem:~ # dsidm localhost user get alice
dn: uid=alice,ou=people,dc=example,dc=com
cn: Alice
description: Alice Test User
displayName: Alice User
gidNumber: 10000
homeDirectory: /home/alice
memberOf: cn=admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
objectClass: nsmemberof
uid: alice
uidNumber: 10000
userPassword: {PBKDF2_SHA256}AAAIAER/L5Qs5st/OvRfF6p3AAT+wAYubc7ntqb7GMu4bmCj04NagYdx8velzaZzdgtTTlWSMDjl9IUlRyL5jMSSNfKTHmcZMnn6OnREKXQIWxqhF29iIJRKK
testsystem:~ # dsidm localhost user get eve
dn: uid=eve,ou=people,dc=example,dc=com
cn: Eve
displayName: Eve User
gidNumber: 10001
homeDirectory: /home/eve
memberOf: cn=admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
objectClass: nsMemberOf
uid: eve
uidNumber: 10001
userPassword: {PBKDF2_SHA256}AAAIADtgVuAcbURJODAUfac6tXScM9t7+hZ/6wvj+JSJyIVxSteDZ9q1ZuvKtBu0ImYpo7yX2+L9j7e0MEq9CPNF0lu794WKWHfcP2vMQCOh+vTbuG6zxBu4doO42lfEnaFgNHuL+pqmnnKbwVJ5Ua4T8iAyxRnK7l4XFqBVQ
Then I configured sssd on the same system to test local authentication on ldap server.
cat /etc/sssd/sssd.conf
[sssd]
services = nss,pam,ssh,sudo
config_file_version = 2
domains = ldap
[nss]
homedir_substring = /home
[domain/ldap]
debug_level = 2
cache_credentials = True
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = rfc2307bis
ldap_search_base = dc=example,dc=com
ldap_uri = ldapi://%2fvar%2frun%2fslapd-localhost.socket
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/certs/ca.crt
ldap_access_filter = (memberOf=cn=admins,ou=groups,dc=example,dc=com)
enumerate = true
access_provider = ldap
ldap_user_member_of = memberof
ldap_user_gecos = cn
ldap_user_uuid = nsUniqueId
ldap_group_uuid = nsUniqueId
ldap_account_expire_policy = rhds
ldap_access_order = filter, expire
ldap_user_ssh_public_key = nsSshPublicKey
ignore_group_members = False
But the problem is, I cannot seem to query ldap users.
getent passwd does not show users alice and eve but only local users.
So I think what is missing here is sssd configuration. I guess so.
/etc/nsswitch.conf:
passwd: compat sss
group: compat sss
shadow: compat
Kindly suggest any pointers.
Thanks in advance.
Update:
It looks like a sssd and ldap connection problem. In the log file (sssd_ldap.log) there is the following extract:
(2023-04-25 16:16:49): [be[ldap]] [set_server_common_status] (0x0100): [RID#11] Marking server '/var/run/slapd-localhost.socket' as 'not working'
(2023-04-25 16:16:49): [be[ldap]] [be_resolve_server_process] (0x0080): [RID#11] Couldn't resolve server (/var/run/slapd-localhost.socket), resolver returned [11]: Resource temporarily unavailable
(2023-04-25 16:16:49): [be[ldap]] [fo_resolve_service_send] (0x0100): [RID#11] Trying to resolve service 'LDAP'
(2023-04-25 16:16:49): [be[ldap]] [fo_resolve_service_send] (0x0020): [RID#11] No available servers for service 'LDAP'
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2023-04-25 16:16:49): [be[ldap]] [set_server_common_status] (0x0100): [RID#11] Marking server '/var/run/slapd-localhost.socket' as 'not working'
* (2023-04-25 16:16:49): [be[ldap]] [be_resolve_server_process] (0x0080): [RID#11] Couldn't resolve server (/var/run/slapd-localhost.socket), resolver returned [11]: Resource temporarily unavailable
* (2023-04-25 16:16:49): [be[ldap]] [be_resolve_server_process] (0x1000): [RID#11] Trying with the next one!
* (2023-04-25 16:16:49): [be[ldap]] [fo_resolve_service_send] (0x0100): [RID#11] Trying to resolve service 'LDAP'
* (2023-04-25 16:16:49): [be[ldap]] [get_server_status] (0x1000): [RID#11] Status of server '/var/run/slapd-localhost.socket' is 'not working'
* (2023-04-25 16:16:49): [be[ldap]] [get_server_status] (0x1000): [RID#11] Status of server '/var/run/slapd-localhost.socket' is 'not working'
* (2023-04-25 16:16:49): [be[ldap]] [fo_resolve_service_send] (0x0020): [RID#11] No available servers for service 'LDAP'
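As an added example (not code from the poster, nor from the sssd or 389-ds projects), a small Python triage helper that decodes the UNIX socket path from an ldapi:// ldap_uri like the one in the sssd.conf above, checks whether that socket exists and accepts a connection, and extracts the server-resolution failures from sssd_ldap.log lines like the quoted ones. The config fragment and log lines it runs on are constructed from the post; the function names are my own.

```python
import os, re, socket
from urllib.parse import unquote

# Constructed inputs, modelled on the post: a sssd.conf fragment and two sssd_ldap.log lines.
SSSD_CONF = """[domain/ldap]
id_provider = ldap
ldap_uri = ldapi://%2fvar%2frun%2fslapd-localhost.socket
"""
LOG_LINES = [
    "(2023-04-25 16:16:49): [be[ldap]] [be_resolve_server_process] (0x0080): [RID#11] "
    "Couldn't resolve server (/var/run/slapd-localhost.socket), resolver returned [11]: Resource temporarily unavailable",
    "(2023-04-25 16:16:49): [be[ldap]] [fo_resolve_service_send] (0x0020): [RID#11] No available servers for service 'LDAP'",
]

LOG_RE = re.compile(r"\[(?P<func>\w+)\] \(0x[0-9a-f]+\): \[RID#(?P<rid>\d+)\] (?P<msg>.*)")
RESOLVE_RE = re.compile(r"Couldn't resolve server \((?P<server>[^)]+)\), resolver returned \[(?P<errno>\d+)\]")

def ldapi_socket_path(conf_text):
    """Return the UNIX socket path encoded in an ldapi:// ldap_uri, or None for other schemes."""
    m = re.search(r"^ldap_uri\s*=\s*(\S+)", conf_text, re.M)
    if not m or not m.group(1).startswith("ldapi://"):
        return None
    # ldapi:// carries the socket path in the host slot, with '/' percent-encoded as %2f.
    return unquote(m.group(1)[len("ldapi://"):])

def socket_state(path):
    """'missing' if the path is absent, 'refused' if it exists but nothing accepts, else 'ok'."""
    if not os.path.exists(path):
        return "missing"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        try:
            s.connect(path)
            return "ok"
        except OSError:  # ECONNREFUSED, EACCES, ENOTSOCK, ...
            return "refused"

def triage_log(lines):
    """Extract server-resolution failures from sssd_ldap.log lines as (kind, server, errno) tuples."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        r = RESOLVE_RE.search(m.group("msg"))
        if r:
            findings.append(("resolve_failed", r.group("server"), int(r.group("errno"))))
        elif "No available servers" in m.group("msg"):
            findings.append(("no_servers", None, None))
    return findings
```

Running `socket_state(ldapi_socket_path(open("/etc/sssd/sssd.conf").read()))` as root on the affected host tells you whether the decoded path is reachable at all, and `triage_log` over the real log file lists every resolver errno sssd reported for it.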