[sle-beta] Antw: Re: [Fwd: sssd configuration via autoast]

Howard Guo hguo at suse.com
Tue Jul 25 02:37:54 MDT 2017 

Hello Thomas.

Please try invoking SSSD configuration program via Network Services -> User Login Management, and proceed to make SSSD configuration from there.

Afterwards, the result XML file should contain a section that looks like:

<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
   <auth-client>
     <conf_json>{"sssd":{"conf":{"sssd":{"config_file_version":"2","services":["pam","nss"],"domains":["ldapexample.net"]},"nss":{},"pam":{},"domain/ldapexample.net":{"id_provider":"ldap","auth_provider":"ldap","ldap_schema":"rfc2307bis","enumerate":"false","cache_credentials":"true","case_sensitive":"true","ldap_use_tokengroups":"false","ldap_uri":"ldap://example.net","ldap_search_base":"dc=example,dc=net","ldap_tls_reqcert":"never"}},"pam":true,"nss":["passwd","group"],"enabled":true},"ldap":{"conf":{"host":"127.0.0.1","base":"dc=example,dc=com","bind_policy":"soft","pam_lookup_policy":"yes","pam_password":"exop","nss_initgroups_ignoreusers":"root,ldap","nss_schema":"rfc2307bis","nss_map_attribute":"uniqueMember member","ssl":"start_tls"},"pam":false,"nss":[]},"krb":{"conf":{"include":[],"libdefaults":{},"realms":{},"domain_realms":{},"logging":{"kdc":"FILE:/var/log/krb5/krb5kdc.log","admin_server":"FILE:/var/log/krb5/kadmind.log","default":"SYSLOG:NOTICE:DAEMON"}},"pam":false},"aux":{"autofs":false,"nscd":false,"mkhomedir":false},"ad":{"domain":"","user":"","ou":"","pass":"","overwrite_smb_conf":false,"update_dns":true}}</conf_json>
   </auth-client>


Kind regards,
Howard

On Mon, 24 Jul 2017, Thomas Eggers wrote:

> Hi Howard,
> 
> I started yast2 and select "Autoinstallation Configuration"  -> Security and Users ->
> User and Group Management -> Authentication Settings.
> 
> I configured a "LDAP Domain" and saved the file.
> 
> This is the result, all LDAP configurations are gone.
> 
> # cat sssd.xml
> <?xml version="1.0"?>
> <!DOCTYPE profile>
> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
>   <deploy_image>
>     <image_installation config:type="boolean">false</image_installation>
>   </deploy_image>
>   <groups config:type="list"/>
>   <login_settings/>
>   <software>
>     <image/>
>     <install_recommended config:type="boolean">true</install_recommended>
>     <instsource/>
>     <packages config:type="list">
>       <package>yast2-auth-client</package>
>       <package>sssd</package>
>       <package>sssd-tools</package>
>       <package>sssd-ldap</package>
>     </packages>
>   </software>
>   <user_defaults>
>     <expire/>
>     <group>100</group>
>     <groups/>
>     <home>/home</home>
>     <inactive>-1</inactive>
>     <no_groups config:type="boolean">true</no_groups>
>     <shell>/bin/bash</shell>
>     <skel>/etc/skel</skel>
>     <umask>022</umask>
>   </user_defaults>
>   <users config:type="list"/>
> </profile>
> 
> 
> Thomas
> 
>  
> 
> 
>  Thomas Eggers
> Geschäftsführer
> --------------------------------------
> araneaCONSULT GmbH
> Rudolf-Breitscheid-Straße 185-189
> 14482 Potsdam
> Tel: +49 331 55035-0 (-21)
> Mobil: +49 173 7274181
> Fax: +49 331 55035-29
> Mail: Thomas.Eggers at araneaconsult.de
> Web: www.araneaconsult.de
> --------------------------------------
> 
> 
> >>> Howard Guo <hguo at suse.com> 24.07.17 9.53 Uhr >>>
> Hello Thomas & Peter.
> 
> You are correct in saying that the entry point to SSSD configuration has moved to "User logon management". If you launch autoyast's GUI configuration program (called "autoinstallation"), you will find a graphical tool behind "user logon management" that grants you full customisability.
> 
> After you have configured SSSD according to your needs, run "File -> Save" and the final autoyast XML file will be ready.
> 
> Notice that SSSD configuration is written in JSON rather than XML elements in the result XML file, this is the new format since SP2.
> 
> Kind regards,
> Howard
> 
> On Sun, 23 Jul 2017, Peter Varkoly wrote:
> 
> > Please have a look at it!!!!
> > --
> > Peter Varkoly
> >
> >
> > Sr. Developer SUSE Linux Enterprise Applications
> >
> > SUSE LINUX GmbH
> > Maxfeldstraße 5
> > 90409 Nürnberg
> > Germany
> > GF: SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip
> > Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
> 
> Date: Sun, 23 Jul 2017 12:57:04 +0200
> From: Thomas Eggers <Thomas.Eggers at araneaCONSULT.de>
> To: sle-beta at lists.suse.com
> Subject: [sle-beta] sssd configuration via autoast
> 
> 
> 
> [ Part 2.1.2: "HTML" ]
> 
> Hi,
> 
> nothing has changed since SLES 12 SP3 Beta 1.
> It is still not possible to configure the user authentication service sssd via autoyast.
> 
> ;)
> 
> Thomas
> 
> 
> since SLES 12 SP2 I'm not be able to configure the sssd service over autoyast.
> 
> In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves to user and
> authentication.
> I think that broke autoyast.
> 
> Only with I get is:
> 
> <?xml version="1.0"?>
> <!DOCTYPE profile>
> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
> <deploy_image>
> <image_installation config:type="boolean">false</image_installation>
> </deploy_image>
> <groups config:type="list"/>
> <login_settings/>
> <software>
> <image/>
> <install_recommended config:type="boolean">true</install_recommended>
> <instsource/>
> <packages config:type="list">
> <package>yast2-auth-client</package>
> <package>sssd</package>
> <package>sssd-tools</package>
> <package>sssd-ldap</package>
> </packages>
> </software>
> <user_defaults>
> <expire/>
> <group>100</group>
> <groups/>
> <home>/home</home>
> <inactive>-1</inactive>
> <no_groups config:type="boolean">true</no_groups>
> <shell>/bin/bash</shell>
> <skel>/etc/skel</skel>
> <umask>022</umask>
> </user_defaults>
> <users config:type="list"/>
> </profile>
> 
> All the options about ldap server and other settings are gone,
> 
> Thomas
> 
> 
> --
> araneaCONSULT GmbH,
> Rudolf-Breitscheid-Straße 185-189, 14482 Potsdam
> E-Mail: info at araneaCONSULT.de
> Internet: www.araneaCONSULT.de
> Geschäftsführer: Martina Huster, Gerald Bock,
> Dirk Feddersen, Thomas Eggers
> Telefon: +49 331 55035-0, Telefax: +49 331 55035-29
> Deutsche Bank, BLZ 120 700 24, Kto. 4978284
> Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519
> 
> 
> --
> araneaCONSULT GmbH,
> Rudolf-Breitscheid-Straße 185-189, 14482 Potsdam
> E-Mail: info at araneaCONSULT.de
> Internet: www.araneaCONSULT.de
> Geschäftsführer: Martina Huster, Gerald Bock,
> Dirk Feddersen, Thomas Eggers
> Telefon: +49 331 55035-0, Telefax: +49 331 55035-29
> Deutsche Bank, BLZ 120 700 24, Kto. 4978284
> Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519
> 
> 
>

More information about the sle-beta mailing list