
openldap client configuration LAB 9.5


I'm stuck with openldap client configuration and I would really appreciate it if someone could help me.

I have two VMs, one is turnkey-openldap server (suggested in the lab) and the other is ubuntu 18.04

I've followed the steps in the lab, with some minor problems that I overcame while configuring the openldap server (I couldn't add group.ldif because there was no ou Group available so I created it)

Also please note that my domain is zvezdara.lokal instead of example.com

Here is the output of ldapsearch -H ldap:// -D cn=admin,dc=zvezdara,dc=lokal -x -W -b dc=zvezdara,dc=lokal run from the client VM:

# extended LDIF
# LDAPv3
# base <dc=zvezdara,dc=lokal> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# zvezdara.lokal
dn: dc=zvezdara,dc=lokal
objectClass: top
objectClass: dcObject
objectClass: organization
o: Zvezdara
dc: zvezdara

# admin, zvezdara.lokal
dn: cn=admin,dc=zvezdara,dc=lokal
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9WUF4aFhjM0JkRHlxRnpEK2UzbTFZMG02bDR1L3JnSDI=

# luser1, zvezdara.lokal
dn: cn=luser1,dc=zvezdara,dc=lokal
uid: luser1
cn: luser1
givenName: luser1
sn: linux
homeDirectory: /home/users/luser1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 999001
gidNumber: 999001
userPassword:: e1NTSEF9Ukt1dXBWUnp5SjhEWkkrUVQ4cXVsVms3UkZud1hUZjIgICA=

# Groups, zvezdara.lokal
dn: ou=Groups,dc=zvezdara,dc=lokal
objectClass: organizationalUnit
objectClass: top
ou: Groups

# luser1, Groups, zvezdara.lokal
dn: cn=luser1,ou=Groups,dc=zvezdara,dc=lokal
cn: luser1
objectClass: posixGroup
objectClass: top
gidNumber: 999001
memberUid: luser1

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

So the server seems to show user luser1

On the client VM I've installed sssd sssd-ldap ldap-utils oddjob-mkhomedir and I've created /etc/sssd/conf.d/00-sssd.conf

config_file_version = 2
domains = zvezdara.lokal
services = nss, pam, autofs

enumerate = true
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://
ldap_search_base = dc=zvezdara,dc=lokal
ldap_id_use_start_tls = true
cache_credentials = True
ldap_tls_reqcert = allow

and added the line session optional pam_oddjob_mkhomedir.so to /etc/pam.d/common-session.conf

However, after restarting sssd and oddjobd and issuing getent passwd luser1, I don't get anything in response.

What am I missing?

The one potentially problematic thing is that in the lab these steps are written for Ubuntu 20.01 and I'm running Ubuntu 18.04.
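
A defensive check for the SSSD options quoted in the post, as an added example that is not part of the original post or the lab material: it parses sssd.conf-style text and reports missing section headers, unencrypted identity lookups, and ldap_tls_reqcert values that let a session continue with a bad server certificate. The sample text and the host ldap.example.test are constructed, and lint_sssd_conf is a hypothetical helper name.

```python
import configparser
from urllib.parse import urlsplit

# ldap_tls_reqcert values under which a bad server certificate is still accepted
WEAK_REQCERT = {"never", "allow"}

def lint_sssd_conf(text):
    """Return findings for the text of an sssd.conf-style file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.MissingSectionHeaderError:
        return ["options appear before any [section] header"]
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]
    findings = []
    for name in filter(None, (d.strip() for d in cp.get("sssd", "domains", fallback="").split(","))):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append("missing [%s] section" % section)
            continue
        dom = cp[section]
        # ldap_id_use_start_tls defaults to false, ldap_tls_reqcert to hard
        start_tls = dom.getboolean("ldap_id_use_start_tls", fallback=False)
        for uri in filter(None, (u.strip() for u in dom.get("ldap_uri", "").split(","))):
            parts = urlsplit(uri)
            if not parts.hostname:
                findings.append("%s: ldap_uri %r has no host" % (name, uri))
            if parts.scheme == "ldap" and not start_tls:
                findings.append("%s: identity lookups to %s are unencrypted" % (name, uri))
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append("%s: ldap_tls_reqcert=%s accepts an unverified server" % (name, reqcert))
    return findings

# Constructed sample: options from the post placed under the [sssd] and
# [domain/NAME] headers that sssd.conf uses; the host is a placeholder.
SAMPLE = """\
[sssd]
domains = zvezdara.lokal

[domain/zvezdara.lokal]
ldap_uri = ldap://ldap.example.test
ldap_id_use_start_tls = true
ldap_tls_reqcert = allow
"""

if __name__ == "__main__":
    print("\n".join(lint_sssd_conf(SAMPLE)))
```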


