SLES 15 SP1 + sssd + Novell edirectory = ???

Hi,
we have used pam-ldap for a long time. So we want to switch to sssd now, but it is no as easy as expected.
On old systems we used the following ldap settings:
base o=HKI
bind_policy soft
pam_lookup_policy yes
pam_password nds
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl start_tls
uri ldap://10.16.YY.XX
ldap_version 3
pam_filter objectClass=inetOrgPerson
tls_cacertdir /etc/ssl/certs
tls_cacertfile /etc/ssl/hki/XXX.crt
nss_connect_policy persist

SSSD looks like:
[sssd]
config_file_version = 2
services = nss, pam
domains = HKI
[nss]
filter_groups = root
filter_users = root
[pam]
filter_groups = root
filter_users = root
[domain/HKI]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://10.16.XX.YY
ldap_search_base = o=hki
enumerate = true
ldap_user_name = uid
debug_level = 5

So using 'id USERNAME' is working, but log on is not possible.
We set 'pam-config --add --sss' and also modified nsswitch.conf.
Any idea how to debug ? The ldap server is Novell edirectory 9.1.
Bye,
Peer

Sign In or Register to comment.