Re: debian 6 nslcd and ldap auth to AD

27/10/2011 16:11, Page, Jeremy wrote:
Is your uid "user"?

Yes. I have, like now, n.surname (name dot surname).

It looks like your filter will only map someone
with a UID of "user". I think you may want to have it say:
filter="(&(objectClass=posixAccount)(uid=*))")


Sorry for confusing you. I'm using "user" as the filter and "user" as the username ;)
I'm filtering by:
filter          passwd (objectClass=user)
because if I use filter="(&(objectClass=posixAccount)(uid=*))") it tells me that it did not find the data. This also happens when I use ldapsearch: with objectClass=posixAccount it replies with nothing, but it shows me all the results when I use objectClass=user


I am a little confused at what you're saying, can you please provide
your nslcd.conf file in entirety?


Very simple:
uid nslcd
gid nslcd
uri ldap://dcgc01.corp.company.net/
base dc=corp,dc=inasset,dc=net
binddn CORP\ldapquery
bindpw ***
filter          passwd (objectClass=user)
map             passwd  uid              sAMAccountName
filter          shadow          (objectClass=user)
map             shadow  uid              sAMAccountName



If you don't have Windows 2003R2 as your domain controllers your schema
will not have RFC2703 attributes defined (uid etc).

Here I have win2k8 (no r2)

Since you are
mapping your sAMAccountname to UID the query for password works but the
filter does not since there is no actual UID value in LDAP.


I use this filter because I found this info on the net, without much understanding of how it works.

Try just filtering on objectClass=user.


That is what I use (as you can see)


Thanks,
Michele
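Jeremy's explanation above (the lookup matches on sAMAccountName, but the entry carries no uidNumber, so nslcd drops it) suggests checking the directory data before tuning nslcd.conf any further. The following Python is an added example, not from this thread or from nss-pam-ldapd: it parses saved ldapsearch LDIF output and lists which accounts lack the attributes nslcd needs for a passwd entry. The sample LDIF is constructed, and the required attribute set is an assumption.

```python
import base64

# nslcd skips a passwd entry without these (the thread's "does not contain
# uidNumber value" warning); assumption: AD has them only with a Unix schema.
REQUIRED_POSIX_ATTRS = ("uidNumber", "gidNumber")

def parse_ldif(text):
    # Unfold continuation lines (newline + space); entries end at a blank line.
    entries, dn, attrs = [], None, {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # "" flushes last
        if line == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):  # ldapsearch comment lines are skipped
            name, _, value = line.partition(":")
            if value.startswith(":"):   # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
    return entries

def missing_posix_attrs(text, required=REQUIRED_POSIX_ATTRS):
    # LDAP attribute names are case-insensitive, so compare lower-cased.
    report = {}
    for dn, attrs in parse_ldif(text):
        present = {name.lower() for name in attrs}
        missing = [a for a in required if a.lower() not in present]
        if missing:
            report[dn] = missing
    return report

# Constructed sample shaped like the ldapsearch output quoted in the thread.
SAMPLE_LDIF = """\
dn: CN=My Name,OU=MyOU,DC=corp,DC=company,DC=net
objectClass: user
sAMAccountName: n.surname

dn: CN=Posix User,OU=MyOU,DC=corp,DC=company,DC=net
objectClass: user
sAMAccountName: p.user
uidNumber: 10001
gidNumber: 10000
# search result
"""
```

Feed it the output of `ldapsearch ... "(objectClass=user)"` saved to a file; every DN it reports is one nslcd will refuse until the attributes are populated or mapped.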


-----Original Message-----
From: Michele Petrazzo [michele.petrazzo [at] unipex.it]
Sent: Thursday, October 27, 2011 10:00 AM
To: Page, Jeremy
Cc: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: Re: debian 6 nslcd and ldap auth to AD

27/10/2011 15:41, Page, Jeremy wrote:
You may need to have a following / on your URI


Thanks,
but it cannot be this because my nslcd connects successfully to the server,
and "something else doesn't work".


Looking at your filters, they are similar to mine and, putting yours inside my
file, I receive the same:

nslcd: [8b4567] DEBUG: ldap_simple_bind_s("CORP\ldapquery","***")
(uri="ldap://dc.corp.company.net/";)
nslcd: [8b4567] passwd entry
CN=user,OU=company,DC=corp,DC=inasset,DC=net does not contain uidNumber
value

Thanks,
Michele

# Ignore local users (not supported in v7.2)
nss_initgroups_ignoreusers ALLLOCAL

-----Original Message-----
From: nss-pam-ldapd-users-bounces+pagej=gilbarco.com@lists.arthurdejong.org
On Behalf Of Michele Petrazzo
Sent: Thursday, October 27, 2011 6:35 AM
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: debian 6 nslcd and ldap auth to AD

Hi list,

I'm trying to bind my debian box to an AD server through nslcd but I'm
receiving a strange error that I haven't been able to resolve by googling.

First configuration:

uri ldap://dcgc01.corp.company.net
base dc=corp,dc=company,dc=net
binddn CORP\ldapquery
bindpw mypasswd

Debug message:

nslcd: [8b4567] DEBUG: myldap_search(base="dc=corp,dc=company,dc=net",
filter="(&(objectClass=posixAccount)(uid=user))")

and no login. With the same filter, ldapsearch also gives me no results.

Adding:

filter passwd (objectClass=user)
map passwd uid sAMAccountName
filter shadow (objectClass=user)
map shadow uid sAMAccountName

debug tells me:

nslcd: [8b4567] DEBUG: myldap_search(base="dc=corp,dc=company,dc=net",
filter="(&(objectClass=user)(sAMAccountName=user))")

...

passwd entry CN=My Name,OU=MyOU,DC=corp,DC=company,DC=net does not
contain uidNumber value

but ldapsearch with (&(objectClass=user)(samaccountname=user)) gives me
complete results and the right samaccountname.

Also, a debug run with -dd doesn't show me much to go on, so... what's
next?

Thanks,

Michele


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/