How to debug SSSD problems

This page provides a few steps to self-diagnose problems encountered when using SSSD. For additional information on using SSSD, see https://fedorahosted.org/sssd.


 * 1) Using the  command, confirm you can you can contact the servers used when configuring SSSD.
 * 2) Inspect the system logs  and  for suspicious log messages
 * 3) If using TLS, verify that ...
 * 4) The directory  contains the certificate
 * 5) The directory  contains a hash symlink to the certificate
 * 6) Enable SSSD debugging output
 * 7) Setting   in.
 * 8) Next, restart SSSD by typing
 * 9) Finally, inspect the SSSD log files for any clues
 * 10) Verify that the services work when not called by SSSD.
 * 11) * For example, using a LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using.
 * ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org
 * 1) * Using the same information, now try communicating without TLS
 * ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
 * ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
 * ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org