From Fedora Project Wiki
This page provides a few steps to self-diagnose problems encountered when using SSSD. For additional information on using SSSD, see https://fedorahosted.org/sssd.
- Using the ping command, confirm you can contact the servers used when configuring SSSD.
- Inspect the system logs /var/log/secure and /var/log/messages for suspicious log messages.
- If using TLS, verify that ...
  - The directory /etc/openldap/cacerts contains the certificate
  - The directory /etc/openldap/cacerts contains a hash symlink to the certificate
- Enable SSSD debugging output
  - Set debug_level = 5 in /etc/sssd/sssd.conf.
  - Next, restart SSSD by typing service sssd restart
  - Finally, inspect the SSSD log files in /var/log/sssd/* for any clues.
- Verify that the services work when not called by SSSD.
  - For example, using an LDAP server IP of 10.1.0.7 and a base of dc=hurr,dc=org, you could search using a simple anonymous bind and with mandatory TLS to confirm LDAP server connectivity using ldapsearch.
      ldapsearch -x -ZZ -H ldap://10.1.0.7 -b dc=hurr,dc=org
  - Using the same information, now try communicating without TLS. If this search succeeds where the TLS search failed, the problem lies in the TLS setup rather than in basic LDAP connectivity.
      ldapsearch -x -H ldap://10.1.0.7 -b dc=hurr,dc=org
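The hash symlink check from the TLS step above can be scripted. The following is an added example, not part of the original wiki page: the function names are hypothetical, and it assumes the openssl command-line tool is installed and that the certificates are PEM files stored directly in the directory.

```shell
#!/bin/sh
# Added example (not from the wiki page): check that every certificate file in
# the CA directory has an OpenSSL subject-hash symlink (<hash>.N) pointing at it.
# Function names are hypothetical; the default path is the one the page names.
CACERT_DIR=${CACERT_DIR:-/etc/openldap/cacerts}

# Print the subject hash OpenSSL uses to look a CA up in a directory.
cert_hash() {
    openssl x509 -noout -hash -in "$1" 2>/dev/null
}

# 0: a <hash>.0 .. <hash>.9 symlink in $1 resolves to cert $2
# 1: no such symlink   2: openssl could not read $2 as a certificate
has_hash_link() {
    hl_hash=$(cert_hash "$2") || return 2
    [ -n "$hl_hash" ] || return 2
    for hl_n in 0 1 2 3 4 5 6 7 8 9; do
        hl_link="$1/$hl_hash.$hl_n"
        # -L: is a symlink; -ef: both names resolve to the same file
        if [ -L "$hl_link" ] && [ "$hl_link" -ef "$2" ]; then
            return 0
        fi
    done
    return 1
}

# Report on every regular file in directory $1; succeed only if all are linked.
check_cacert_dir() {
    cd_bad=0; cd_seen=0
    for cd_f in "$1"/*; do
        # skip the hash symlinks themselves and anything that is not a file
        if [ ! -f "$cd_f" ] || [ -L "$cd_f" ]; then continue; fi
        cd_seen=$((cd_seen + 1)); cd_rc=0
        has_hash_link "$1" "$cd_f" || cd_rc=$?
        case $cd_rc in
            0) echo "OK      $cd_f" ;;
            1) echo "NOLINK  $cd_f"; cd_bad=$((cd_bad + 1)) ;;
            *) echo "NOTCERT $cd_f"; cd_bad=$((cd_bad + 1)) ;;
        esac
    done
    if [ "$cd_seen" -eq 0 ]; then echo "EMPTY   $1"; return 1; fi
    [ "$cd_bad" -eq 0 ]
}

# Run the check only when asked to, e.g.: sh check_cacerts.sh --check
if [ "${1:-}" = "--check" ]; then check_cacert_dir "$CACERT_DIR"; fi
```

A NOLINK result means the certificate is present but the TLS library cannot find it by hash, which matches the second TLS item in the list above.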
