OpenSuse 13.2 LDAP server install problem

 ( andrasferenc | Wednesday, June 24, 2015 - 17:45 )

On OpenSuse 13.2 I set up the LDAP server and SSSD with YaST, but I cannot log in to the server with the LDAP users. This is what rcslapd status says:
slapd[21327]: auxpropfunc error invalid parameter supplied
_sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
slapd[21327]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
slapd[21327]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdbk
I'm no guru, but earlier, under version 11.4, I didn't have this kind of problem. This time I couldn't find any info on the net that was usable for me either. Maybe someone can help. Thanks.
--------------
nsswitch.conf
passwd: compat sss
group: compat sss
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
passwd_compat: files
group_compat: files
----------------
slapd.conf
mech_list: gssapi digest-md5 cram-md5 external
----------------
sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
domains = TARTOMANYNEV
[nss]
filter_users = root
filter_groups = root
[pam]
[ldap]
# Example LDAP domain
[domain/TARTOMANYNEV]
id_provider = ldap
auth_provider = ldap
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
# ldap_schema = rfc2307
ldap_schema = rfc2307bis
ldap_uri = ldap://localhost
ldap_search_base = dc=intranet,dc=tartomanynev,dc=hu
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
min_id = 1000
max_id = 2000
enumerate = False
ldap_tls_reqcert = allow
#ldap_tls_cacert = /var/lib/ca-certificates/ca-bundle.pem
ldap_tls_cacert = /usr/share/pki/trust/anchors/YaST-CA.pem
# krb5_server = your.ad.example.com
# krb5_realm = EXAMPLE.COM
# [domain/INTRANET]
# id_provider = ldap
# auth_provider = ldap
# ldap_schema = rfc2307
# ldap_uri = ldap://ldap.intranet.tartomanynev.hu
----------------
Authentication Server
TLS Settings
Enable TLS
Use common Server Certificate
CA Certificate File (PEM Format)
/usr/share/pki/trust/anchors/YaST-CE.pem
Certificate File (PEM Format)
/etc/ssl/servercerts/servercert.pem
Certificate Key File (PEM Format)
/etc/ssl/servercerts/serverkey.pem