From Fedora Project Wiki
(Initial draft) |
mNo edit summary |
||
| (One intermediate revision by one other user not shown) | |||
| Line 8: | Line 8: | ||
## The directory {{filename|/etc/openldap/cacerts}} contains the certificate | ## The directory {{filename|/etc/openldap/cacerts}} contains the certificate | ||
## The directory {{filename|/etc/openldap/cacerts}} contains a hash symlink to the certificate | ## The directory {{filename|/etc/openldap/cacerts}} contains a hash symlink to the certificate | ||
# Enable SSSD debugging output | # Enable SSSD debugging output | ||
# | ## Setting <code>debug_level = 5</code> in {{filename|/etc/sssd/sssd.conf}}. | ||
# | ## Next, restart SSSD by typing {{command|service sssd restart}} | ||
## Finally, inspect the SSSD log files for any clues {{filename|/var/log/sssd/*}} | |||
# Verify that the services work when not called by SSSD. | # Verify that the services work when not called by SSSD. | ||
#* For example, using a LDAP server IP of ''10.1.0.7'' and a base of ''dc=hurr,dc=org'', you could search using a simple anonymous bind and with ''mandatory'' TLS to confirm LDAP server connectivity using {{command|ldapsearch}}. | #* For example, using a LDAP server IP of ''10.1.0.7'' and a base of ''dc=hurr,dc=org'', you could search using a simple anonymous bind and with ''mandatory'' TLS to confirm LDAP server connectivity using {{command|ldapsearch}}. | ||
#*: <pre> | #*: <pre>ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org</pre> | ||
#* Using the same information, now try communicating ''without'' TLS | #* Using the same information, now try communicating ''without'' TLS | ||
#*: <pre> | #*: <pre>ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org</pre> | ||
[[Category:Debugging|S]] [[Category:How to]] | [[Category:Debugging|S]] [[Category:How to]] | ||
Latest revision as of 22:00, 16 October 2013
This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.
It is still under construction and content may change. Do not rely on the information on this page.
This page provides a few steps to self-diagnose problems encountered when using SSSD. For additional information on using SSSD, see https://fedorahosted.org/sssd.
- Using the
pingcommand, confirm you can you can contact the servers used when configuring SSSD. - Inspect the system logs
/var/log/secureand/var/log/messagesfor suspicious log messages - If using TLS, verify that ...
- The directory
/etc/openldap/cacertscontains the certificate - The directory
/etc/openldap/cacertscontains a hash symlink to the certificate
- The directory
- Enable SSSD debugging output
- Setting
debug_level = 5in/etc/sssd/sssd.conf. - Next, restart SSSD by typing
service sssd restart - Finally, inspect the SSSD log files for any clues
/var/log/sssd/*
- Setting
- Verify that the services work when not called by SSSD.
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using
ldapsearch.ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org
- Using the same information, now try communicating without TLS
ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using