-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/10/2010 03:08 PM, Rick Stevens wrote: > On 11/10/2010 11:14 AM, Stephen Gallagher wrote: > On 11/10/2010 10:18 AM, Bernd Nies wrote: >>>> >>>> >>>> >>>> Hi Stephen, >>>> >>>> Here's the log output of the various sssd logfiles. > ... >>>> (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind >>>> result: Invalid credentials(49), (null) > > > This message says that the credentials presented by the client are being > denied by the server. Usually, this means that you mistyped the password. > >> Actually, that means that the client isn't binding to the LDAP server. >> Anonymous simple binds were disabled by default a while ago with LDAP >> V3. > >> Check the slapd.conf for the LDAP server. To permit classic anonymous >> simple binds, you MUST have > >> allow bind_v2 bind_anon_cred bind_anon_dn > >> in it or anonymous simple binds won't be allowed. > > > I find it hard to believe that it's working on any other login > mechanism, but not for GDM. > I probably should have left a larger amount of that log visible. That wasn't an anonymous bind. It was an authenticated bind to log the user in. (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_send] (4): Executing simple bind as: uid=bernd,ou=people,dc=example,dc=com (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2 (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x984d088], connected[1], ops[0x97db8b0], ldap[0x99689f0] (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing! (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x984d088], connected[1], ops[0x97db8b0], ldap[0x99689f0] (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls. (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Invalid credentials(49), (null) - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzb3WoACgkQeiVVYja6o6O8YwCfQYcGNG4/7i/7nBttQ1XxkOP6 ymMAn2I65exJSOcvXfLSPHubOEZ8bTvS =oeOS -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
