How can I effectively test so as to correct the ldap configuration? I’m accustomed to using ldapsearch within the cluster, and am learning some things about ldap through the local configuration in the cpu.conf and the sssd.conf.
I have followed the prescription to configure, as below:
auth: - 'AuthType Basic' - 'AuthName "Case SSO"' - 'AuthBasicProvider ldap' - 'AuthLDAPURL "ldap://<internal-ip>:389/ou=People,dc=cwru,dc=cloh,dc=osc,dc=edu?uid"' - 'AuthLDAPGroupAttribute memberUid' - 'AuthLDAPGroupAttributeIsDN off' - 'RequestHeader unset Authorization' - 'Require valid-user'
When prompted to authenticate, I enter my ldap credentials, which is rejected, and the login prompt window appears again. I’m not finding local logging of how the authentication is failing. The ‘dc’ values are taken from my standard usage of ldapsearch, to look up info about our cluster user accounts.
Is the structure of the ldap call to the server adequate? How do I know what value needs to be returned, and whether the necessary value is satisfied? For example, my ldapsearch will not return a field ‘memberUid’, so is the ‘AuthLDAPGroupAttribute memberUid’ inappropriate in this case?