From Fedora Project Wiki
This page provides a few steps to self-diagnose problems encountered when using SSSD. For additional information on using SSSD, see https://fedorahosted.org/sssd.
- Using the
ping
command, confirm you can you can contact the servers used when configuring SSSD. - Inspect the system logs
/var/log/secure
and/var/log/messages
for suspicious log messages - If using TLS, verify that ...
- The directory
/etc/openldap/cacerts
contains the certificate - The directory
/etc/openldap/cacerts
contains a hash symlink to the certificate
- The directory
- Enable SSSD debugging output
- Setting
debug_level = 5
in/etc/sssd/sssd.conf
. - Next, restart SSSD by typing
service sssd restart
- Finally, inspect the SSSD log files for any clues
/var/log/sssd/*
- Setting
- Verify that the services work when not called by SSSD.
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using
ldapsearch
.- ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org
- Using the same information, now try communicating without TLS
- ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
- For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using