From Fedora Project Wiki
(Add link to sssd logs) |
mNo edit summary |
||
Line 14: | Line 14: | ||
# Verify that the services work when not called by SSSD. | # Verify that the services work when not called by SSSD. | ||
#* For example, using a LDAP server IP of ''10.1.0.7'' and a base of ''dc=hurr,dc=org'', you could search using a simple anonymous bind and with ''mandatory'' TLS to confirm LDAP server connectivity using {{command|ldapsearch}}. | #* For example, using a LDAP server IP of ''10.1.0.7'' and a base of ''dc=hurr,dc=org'', you could search using a simple anonymous bind and with ''mandatory'' TLS to confirm LDAP server connectivity using {{command|ldapsearch}}. | ||
#*: <pre> | #*: <pre>ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org</pre> | ||
#* Using the same information, now try communicating ''without'' TLS | #* Using the same information, now try communicating ''without'' TLS | ||
#*: <pre> | #*: <pre>ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org</pre> | ||
[[Category:Debugging|S]] [[Category:How to]] | [[Category:Debugging|S]] [[Category:How to]] |
Revision as of 22:00, 16 October 2013
This page provides a few steps to self-diagnose problems encountered when using SSSD. For additional information on using SSSD, see https://fedorahosted.org/sssd.
- Using the
ping
command, confirm you can you can contact the servers used when configuring SSSD. - Inspect the system logs
/var/log/secure
and/var/log/messages
for suspicious log messages - If using TLS, verify that ...
- The directory
/etc/openldap/cacerts
contains the certificate - The directory
/etc/openldap/cacerts
contains a hash symlink to the certificate
- The directory
- Enable SSSD debugging output
- Setting
debug_level = 5
in/etc/sssd/sssd.conf
. - Next, restart SSSD by typing
service sssd restart
- Finally, inspect the SSSD log files for any clues
/var/log/sssd/*
- Setting
- Verify that the services work when not called by SSSD.
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using
ldapsearch
.ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org
- Using the same information, now try communicating without TLS
ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using