I have configured an LDAP server and created a user. ldapsearch delivers the following results:
# user, People, brave-vesperia.com
dn: uid=masc,ou=People,dc=brave-vesperia,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: masc
cn: user user
sn: user
givenName: ###
title: Dr.
telephoneNumber: #####
mobile: #####
postalAddress: #####
userPassword:: e1NTSEF9QzVQNUp5R2h4NkZzVzRuUzlCZWdlcFlwaVVFWEk0Mno=
labeledURI: #####
loginShell: /bin/bash
uidNumber: 9999
gidNumber: 9999
homeDirectory: /home/masc
description: Admin User
I have configured sssd on my client and can now log in using my LDAP account. However, the shell I'm getting is /bin/sh.
Here's my sssd configuration:
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = brave-vesperia.com
[domain/brave-vesperia.com]
cache_credentials = true
enumerate = true
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.brave-vesperia.com
ldap_search_base = dc=brave-vesperia,dc=com
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/certs/ca.pem
chpass_provider = ldap
ldap_chpass_uri = ldap://ldap.brave-vesperia.com
entry_cache_timeout = 600
ldap_network_timeout = 2
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember
Here's the output of getent masc passwd
masc:*:1001:1001::/home/masc:
/bin/sh is not a symlink to /bin/bash. I have tested both an AlmaLinux and an Ubuntu client, so it's unlikely to be client-related.
Searching through the logs I see the following lines repeatedly:
(2022-04-21 5:35:46): [be[brave-vesperia.com]] [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell
sssd_brave-vesperia.com.log:(2022-04-21 6:25:50): [be[brave-vesperia.com]] [sysdb_remove_attrs] (0x2000): Removing attribute [loginShell] from [[email protected]]
getent passwd my-username to the question. What OS is this? Is /bin/sh a symlink to /bin/bash?