
RE: debian 6 nslcd and ldap auth to AD




Is your uid "user"? It looks like your filter will only map someone
with a UID of "user". I think you may want to have it say:
filter="(&(objectClass=posixAccount)(uid=*))")

I am a little confused at what you're saying, can you please provide
your nslcd.conf file in its entirety?

If you don't have Windows 2003R2 as your domain controllers your schema
will not have RFC2703 attributes defined (uid etc). Since you are
mapping your sAMAccountname to UID the query for password works but the
filter does not since there is no actual UID value in LDAP. 

Try just filtering on objectClass=user.


-----Original Message-----
From: Michele Petrazzo [michele.petrazzo [at] unipex.it] 
Sent: Thursday, October 27, 2011 10:00 AM
To: Page, Jeremy
Cc: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: Re: debian 6 nslcd and ldap auth to AD

27/10/2011 15:41, Page, Jeremy wrote:
> You may need to have a following / on your URI
>

Thanks,
but it cannot be this because my nslcd connects successfully to the server,
and "something else doesn't work".


Your filters look similar to mine and, putting yours into my
file, I receive the same:

nslcd: [8b4567] DEBUG: ldap_simple_bind_s("CORP\ldapquery","***") (uri="ldap://dc.corp.company.net/")
nslcd: [8b4567] passwd entry CN=user,OU=company,DC=corp,DC=inasset,DC=net does not contain uidNumber value

Thanks,
Michele

> # Ignore local users (not supported in v7.2
>
> nss_initgroups_ignoreusers ALLLOCAL
>
> -----Original Message-----
> From:
> nss-pam-ldapd-users-bounces+pagej=gilbarco.com@lists.arthurdejong.org
> [nss-pam-ldapd-users-bounces+pagej=gilbarco.com [at] lists.arthurdejong.org]
> On Behalf Of Michele Petrazzo
> Sent: Thursday, October 27, 2011 6:35 AM
> To: nss-pam-ldapd-users@lists.arthurdejong.org
> Subject: debian 6 nslcd and ldap auth to AD
>
> Hi list,
>
> I'm trying to bind my debian box to an AD server through nslcd but I'm
> receiving a strange error that I haven't resolved googling.
>
> First configuration:
>
> uri ldap://dcgc01.corp.company.net
>
> base dc=corp,dc=company,dc=net
>
> binddn CORP\ldapquery
>
> bindpw mypasswd
>
> Debug message:
>
> nslcd: [8b4567] DEBUG: myldap_search(base="dc=corp,dc=company,dc=net", filter="(&(objectClass=posixAccount)(uid=user))")
>
> and no login. With the same filter, ldapsearch also gives me no results.
>
> Adding:
>
> filter passwd (objectClass=user)
>
> map passwd uid sAMAccountName
>
> filter shadow (objectClass=user)
>
> map shadow uid sAMAccountName
>
> debug tells me:
>
> nslcd: [8b4567] DEBUG: myldap_search(base="dc=corp,dc=company,dc=net", filter="(&(objectClass=user)(sAMAccountName=user))")
>
> ...
>
> passwd entry CN=My Name,OU=MyOU,DC=corp,DC=company,DC=net does not contain uidNumber value
>
> but ldapsearch with (&(objectClass=user)(samaccountname=user)) gives me
> complete results and the right samaccountname
>
> Also, a debug run with -dd doesn't show me much that I can understand, so...
> what's next?
>
> Thanks,
>
> Michele
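
The two symptoms in this thread (a search that matches nothing, then an entry rejected for lacking uidNumber) can be reproduced offline. The sketch below is an added example, not code from the thread or from nss-pam-ldapd. The function names, the sample entries and the REQUIRED list are assumptions made for illustration; only the filters and map lines come from the messages above.

```python
# Added illustration; not nslcd source code.
DEFAULT_FILTER = "(objectClass=posixAccount)"  # filter seen in the first debug line
# Assumption: attributes a passwd entry must carry to be usable.
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")

# nslcd.conf lines from the thread's "Adding:" step.
CONF = """\
filter passwd (objectClass=user)
map passwd uid sAMAccountName
"""

# Constructed AD entries: one without POSIX attributes, one with them.
PLAIN_USER = {"objectClass": ["user"], "sAMAccountName": ["user"]}
POSIX_USER = dict(PLAIN_USER, uidNumber=["10001"], gidNumber=["10001"],
                  homeDirectory=["/home/user"])

def parse_conf(text, db="passwd"):
    """Return (filter, attribute map) for one database."""
    flt, attmap = DEFAULT_FILTER, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["filter", db]:
            flt = " ".join(parts[2:])
        elif len(parts) == 4 and parts[:2] == ["map", db]:
            attmap[parts[2]] = parts[3]
    return flt, attmap

def escape(value):
    """RFC 4515 escaping so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def search_filter(flt, attmap, name):
    """Combine the configured filter with the mapped uid attribute."""
    return "(&%s(%s=%s))" % (flt, attmap.get("uid", "uid"), escape(name))

def missing_attributes(entry, attmap):
    """List required passwd attributes absent from the entry after mapping."""
    present = {k.lower() for k, v in entry.items() if v}
    return [a for a in REQUIRED if attmap.get(a, a).lower() not in present]

if __name__ == "__main__":
    flt, attmap = parse_conf(CONF)
    print(search_filter(flt, attmap, "user"))
    for label, entry in (("plain", PLAIN_USER), ("posix", POSIX_USER)):
        print(label, "missing:", missing_attributes(entry, attmap))
```

Mapping uid to sAMAccountName makes the search match, but the entry is still reported as incomplete until uidNumber and the other POSIX attributes exist in the directory or are mapped to attributes that do.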