On 11/10/2010 07:40 AM, fedora wrote:
> Hi
>
> The following sssd.conf and pam.d/gdm and pam.d/gdm-password work here
> on fedora 13.
> With quite a bit of debugging I found out that for sssd you have to
> specify all bases in the sssd.conf.
> I have not been able to make sssd run with TLS.
>

You should not have to set the separate bases at all, as long as they
are subtrees of the primary search base. If ldap_user_search_base is not
specified, it defaults to being the same as ldap_search_base. There was
some confusion about that in the past, where it looked more like
ldap_user_search_base was mandatory. We've cleaned up the documentation
to make that hopefully more clear.

I'm not sure what you mean by "I have not been able to make sssd run
with TLS". Given the ldap:// URI you specified, SSSD will always be
using TLS for the authentication. Because you set
ldap_tls_reqcert = never, it's just not validating the server against a
CA cert. To do that, you would need to set
ldap_tls_cacert = /path/to/ca.crt

If you mean that it's not using TLS for identity lookups, this is
enabled by 'ldap_id_use_start_tls = True'.

--
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
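
The three points made in the reply above can be checked mechanically. The following is an added example, not part of the original message and not SSSD code: a small audit of an sssd.conf that flags a disabled certificate check, identity lookups over ldap:// without StartTLS, and per-object search bases that are already subtrees of ldap_search_base. The sample file, host name, DNs and finding labels are constructed for illustration.

```python
import configparser

# Constructed sample modelled on the setup discussed in the thread (hypothetical host and DNs).
SAMPLE = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_user_search_base = ou=People,dc=example,dc=com
ldap_tls_reqcert = never
"""

def _rdns(dn):
    # Naive DN split (assumption: no escaped commas inside RDN values).
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def is_subtree(dn, base):
    d, b = _rdns(dn), _rdns(base)
    return bool(b) and len(d) >= len(b) and d[-len(b):] == b

def audit(text):
    """Return (section, finding) pairs for each [domain/...] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        # 'never' and 'allow' both let the session proceed without a validated server cert.
        if sec.get("ldap_tls_reqcert", "").strip().lower() in ("never", "allow"):
            findings.append((name, "server-cert-not-validated"))
        # Identity lookups over ldap:// only use TLS when StartTLS is switched on.
        uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",")]
        start_tls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if any(u.startswith("ldap://") for u in uris) and not start_tls:
            findings.append((name, "id-lookups-without-starttls"))
        # A per-object base inside ldap_search_base is optional.
        base = sec.get("ldap_search_base", "")
        for key in ("ldap_user_search_base", "ldap_group_search_base"):
            if key in sec and is_subtree(sec[key], base):
                findings.append((name, "optional-" + key))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(section, finding)
```
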