How to change LDAP Root DSE

Hi all,

I installed a local LDAP. The hostname and FQDN of the server are OK, but LDAP generates its root DSE based on dc=directory,dc=nh.

$ cat /etc/sssd/sssd.conf
[sssd]
domains = my.company.com
config_file_version = 2
services = nss, pam
default_domain_suffix = my.company.com

[domain/my.company.com]
use_fully_qualified_names = True
id_provider = ldap
ldap_uri = ldap://127.0.0.1
ldap_search_base = dc=directory,dc=nh
ldap_user_search_base = ou=People,dc=directory,dc=nh
ldap_group_search_base = ou=Groups,dc=directory,dc=nh
ldap_tls_reqcert = never
cache_credentials = True
default_shell = /usr/libexec/openssh/sftp-server

As you can see, the domain is OK, but the LDAP base is not. How can I change that?
Thanks a lot

Hi @jschmidt,

This is the expected behavior for the local LDAP accounts provider. Could you explain why you want to change it? What’s wrong with it?

I would like a representation of my company on LDAP’s side. A great start would be to use the same domain, which the server’s FQDN is based on. Another step further would be a custom root DSE. directory.nh does not represent my company.

You’re lucky, an rwm overlay is already configured!

If your domain is example.com, the following base is available:

DC=example,DC=com

Just ignore the default one and bind to the overlay.
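
As an added illustration of the last reply (not code from the thread or from the LDAP provider), the Python sketch below derives the overlay base from the domain and rewrites the search-base keys of an sssd.conf like the one in the question. It assumes the overlay also maps the ou=People and ou=Groups subtrees; the sample config is constructed and the function names are hypothetical.

```python
import configparser
import io

# Constructed sample: trimmed from the sssd.conf shown in the question.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = my.company.com

[domain/my.company.com]
id_provider = ldap
ldap_search_base = dc=directory,dc=nh
ldap_user_search_base = ou=People,dc=directory,dc=nh
ldap_group_search_base = ou=Groups,dc=directory,dc=nh
"""

DEFAULT_BASE = "dc=directory,dc=nh"  # default suffix from the question


def domain_to_base_dn(domain):
    """Map a DNS domain such as example.com to dc=example,dc=com."""
    labels = [p for p in domain.strip().strip(".").split(".") if p]
    if len(labels) < 2:
        raise ValueError(f"expected a multi-label domain, got {domain!r}")
    return ",".join("dc=" + p.lower() for p in labels)


def swap_suffix(dn, old_base, new_base):
    """Replace old_base only where it is the trailing suffix of dn."""
    if not dn.lower().endswith(old_base.lower()):
        return dn
    head = dn[: len(dn) - len(old_base)]
    if head and not head.endswith(","):
        return dn  # partial RDN match, leave untouched
    return head + new_base


def rebase_sssd_conf(text, domain):
    """Point every *search_base key of [domain/<domain>] at the overlay base."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    section = "domain/" + domain
    # Assumption: the rwm overlay exposes the same subtrees under the new base.
    new_base = domain_to_base_dn(domain)
    for key, value in cp.items(section):
        if key.endswith("search_base"):
            cp.set(section, key, swap_suffix(value, DEFAULT_BASE, new_base))
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()


if __name__ == "__main__":
    print(rebase_sssd_conf(SAMPLE_SSSD_CONF, "my.company.com"))
```

DNs compare case-insensitively, so the lowercase dc= form written here names the same base as the DC= form in the reply.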