glauth / glauth

A lightweight LDAP server for development, home use, or CI
MIT License

minimal sssd-ldap example #224

Closed aanderse closed 2 years ago

aanderse commented 2 years ago

I didn't want to resurrect #5 so: does anyone have the configuration required for a minimal working sssd with glauth?

Fusion commented 2 years ago

Please take a look here: https://github.com/glauth/glauth/wiki/SSH-PAM-(Pluggable-Authentication-Modules)-configuration ("The modern way, using sssd") -- hopefully this is what you are looking for.

aanderse commented 2 years ago

Sorry! I missed the wiki first time around :blush: Thank you very much!

Zen3515 commented 1 year ago

I followed the wiki but was unable to make it work. I can't even use commands like

sudo getent passwd
# or
id abcd1

Below are my configuration and test results.

[sssd]
config_file_version = 2
services = nss, pam, ssh
domains = MYDOMAIN

[nss]

[pam]

[domain/MYDOMAIN]
#cache_credentials = True
enumerate = False
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_uri = ldap://auth-service.mydomain-test.com
ldap_search_base = dc=mydomain-test,dc=com
ldap_default_bind_dn = cn=sssd-service,ou=svcaccts,dc=mydomain-test,dc=com
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = I_AM_SURE_THAT_IT_IS_CORRECT
ldap_use_tokengroups = False
ldap_tls_cacert = /data/letsencrypt/certificates/auth-service.mydomain-test.com.crt
sudo_provider = none
ldap_group_member = member
ldap_schema = rfc2307bis
ldap_access_order = filter
ldap_access_filter = (memberOf=ou=ssh-ldap,ou=groups,dc=mydomain-test,dc=com)

I have already changed the files /etc/ldap/ldap.conf and /etc/pam.d/common-session.

ldapsearch returns the correct user.

The command below gives a normal result.

sudo systemctl status sssd.service

I'd like some help please.

GuoFlight commented 5 months ago

I had the same problem. If I log in as the user through sssd, it panics.

panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0xd44324]

goroutine 42 [running]:
crypto/tls.(*Conn).readClientHello(0xc000234a80, {0x2098b70?, 0xc0001382d0})
	crypto/tls/handshake_server.go:147 +0x84
crypto/tls.(*Conn).serverHandshake(0xc000234a80, {0x2098b70, 0xc0001382d0})
	crypto/tls/handshake_server.go:42 +0x3a
crypto/tls.(*Conn).handshakeContext(0xc000234a80, {0x20989b0, 0x2a43760})
	crypto/tls/conn.go:1552 +0x3d3
crypto/tls.(*Conn).HandshakeContext(...)
	crypto/tls/conn.go:1492
crypto/tls.(*Conn).Handshake(...)
	crypto/tls/conn.go:1476
crypto/tls.(*Conn).Read(0xc000234a80, {0xc00027437d, 0x1, 0xb37a69?})
	crypto/tls/conn.go:1356 +0x53
io.ReadAtLeast({0x7f36c81a9758, 0xc000234a80}, {0xc00027437d, 0x1, 0x1}, 0x1)
	io/io.go:335 +0x90
io.ReadFull(...)
	io/io.go:354
github.com/go-asn1-ber/asn1-ber.readByte({0x7f36c81a9758, 0xc000234a80})
	github.com/go-asn1-ber/asn1-ber@v1.5.4/util.go:7 +0x53
github.com/go-asn1-ber/asn1-ber.readIdentifier({0x7f36c81a9758, 0xc000234a80})
	github.com/go-asn1-ber/asn1-ber@v1.5.4/identifier.go:14 +0x2f
github.com/go-asn1-ber/asn1-ber.readHeader({0x7f36c81a9758, 0xc000234a80})
	github.com/go-asn1-ber/asn1-ber@v1.5.4/header.go:15 +0x25
github.com/go-asn1-ber/asn1-ber.readPacket({0x7f36c81a9758, 0xc000234a80})
	github.com/go-asn1-ber/asn1-ber@v1.5.4/ber.go:287 +0x32
github.com/go-asn1-ber/asn1-ber.ReadPacket(...)
	github.com/go-asn1-ber/asn1-ber@v1.5.4/ber.go:210
github.com/glauth/ldap.(*Server).handleConnection(0xc000328700, {0x209d1e8?, 0xc00007e098?})
	github.com/glauth/ldap@v0.0.0-20231210225823-b9bf4d1baf6e/server.go:230 +0x74
created by github.com/glauth/ldap.(*Server).Serve in goroutine 31
	github.com/glauth/ldap@v0.0.0-20231210225823-b9bf4d1baf6e/server.go:208 +0xb3
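The trace above ends in crypto/tls.(*Conn).readClientHello with a nil pointer dereference. One documented way to reach that frame is handing tls.Server a nil *tls.Config (crypto/tls requires a non-nil config with a certificate source); that this is what happened in this thread is an assumption, not something the thread establishes. The Go example below is added here and is not glauth's code: it reproduces that panic over an in-memory net.Pipe and shows the config guard and recover an accept loop can use so that a misconfiguration or one bad connection fails with an error instead of crashing the whole server.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// errNoTLSConfig is returned instead of handing a nil or empty config to tls.Server.
var errNoTLSConfig = errors.New("tls: nil config or no certificate source, refusing to serve TLS")

// validateTLSConfig enforces what crypto/tls documents for servers: a non-nil config with a certificate source.
func validateTLSConfig(cfg *tls.Config) error {
	if cfg == nil || (len(cfg.Certificates) == 0 && cfg.GetCertificate == nil && cfg.GetConfigForClient == nil) {
		return errNoTLSConfig
	}
	return nil
}

// recoveringHandshake wraps conn with tls.Server as given and runs the handshake, turning
// a panic inside crypto/tls into an error so one bad connection cannot kill the process.
func recoveringHandshake(conn net.Conn, cfg *tls.Config) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("tls handshake panicked: %v", r)
		}
	}()
	return tls.Server(conn, cfg).Handshake()
}

// guardedHandshake is what an accept loop should call: reject an unusable config first.
func guardedHandshake(conn net.Conn, cfg *tls.Config) error {
	if err := validateTLSConfig(cfg); err != nil {
		return err
	}
	return recoveringHandshake(conn, cfg)
}

// reproduceNilConfigPanic skips the guard on purpose: tls.Server(conn, nil) over an
// in-memory net.Pipe while a constructed client sends a real ClientHello. crypto/tls
// dereferences its nil config while handling that hello; the recovered error is returned.
func reproduceNilConfigPanic() error {
	serverSide, clientSide := net.Pipe()
	defer serverSide.Close() // closing the pipe also unblocks the client goroutine
	defer clientSide.Close()
	go func() { _ = tls.Client(clientSide, &tls.Config{InsecureSkipVerify: true}).Handshake() }()
	return recoveringHandshake(serverSide, nil)
}
```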