On Tue, 2012-11-20 at 15:03 -0600, Andy Colson wrote:
> It's a test account, the password is 'bob' :-) here are a bunch of logs:
There are some weird things going on somewhere. First nslcd shows two
requests:
nslcd: [8b4567] DEBUG: connection from pid=24368 uid=0 gid=100
nslcd: [8b4567] <passwd=-1> DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uidNumber=-1))")
[...]
nslcd: [7b23c6] DEBUG: connection from pid=24368 uid=0 gid=100
nslcd: [7b23c6] <passwd="andyc"> DEBUG: myldap_search(base="ou=users,dc=camavision,dc=com",
filter="(&(memberOf=cn=mapper,ou=groups,dc=camavision,dc=com)(uid=andyc))")
while the NSS module seems to do three requests (the second of which is
ignored) (a little cleaned up):
connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\352\3\0\0\377\377\377\377", 12, MSG_NOSIGNAL, NULL, 0) = 12
read(3, "\1\0\0\0\352\3\0\0\3\0\0\0", 1024) = 12
close(3) = 0
[...]
connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\321\7\0\0\4\0\0\0andy", 16, MSG_NOSIGNAL, NULL, 0) = 16
read(3, "", 1024) = 0
close(3) = 0
[...]
connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\351\3\0\0\5\0\0\0andyc", 17, MSG_NOSIGNAL, NULL, 0) = 17
read(3, "\1\0\0\0\351\3\0\0\0\0\0\0\5\0\0\0andyc\1\0\0\0*\350\3\0\0d\0"...,
1024) = 80
read(3, "", 1024) = 0
close(3) = 0
The weird thing about the second request is that it is a shadow request
for user "andy" (missing the c) which for some reason doesn't show up in
nslcd.
Another interesting bit from the strace is:
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
If you are not running su under strace, does nslcd show the shadow
lookup? Did the strace output and nslcd debug output match the same try?
A wild guess, but could you try nss-pam-ldapd 0.8.10?
Lastly, is the user andy or andyc in /etc/passwd or /etc/shadow?
I'll have another look tomorrow.
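
Added example, not part of the original message and not nss-pam-ldapd code: a small Python decoder for the three sendto() strings in the strace above, which makes the uid of -1 and the 4-byte name "andy" visible without reading octal by hand. The action names are assumptions taken from how the message describes each request (1002 lines up with the passwd=-1 lookup, 2001 with the shadow request for "andy", 1001 with the passwd="andyc" lookup), and integers are read as little-endian, as they appear in the capture.

```python
import re
import struct

# Assumed labels, inferred from this message's description of each request.
ACTIONS = {1001: "passwd by name", 1002: "passwd by uid", 2001: "shadow by name"}

# The three sendto() payloads, copied from the strace in the message.
REQUESTS = [
    r"\1\0\0\0\352\3\0\0\377\377\377\377",
    r"\1\0\0\0\321\7\0\0\4\0\0\0andy",
    r"\1\0\0\0\351\3\0\0\5\0\0\0andyc",
]

TOKEN = re.compile(r"\\([0-7]{1,3})|\\(.)|([^\\])", re.S)
SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "v": "\v", "f": "\f"}

def strace_unescape(literal):
    """Convert the body of a strace string literal (octal escapes) to bytes."""
    out = bytearray()
    for octal, esc, plain in TOKEN.findall(literal):
        if octal:
            out.append(int(octal, 8) & 0xFF)
        elif esc:
            out += SIMPLE.get(esc, esc).encode("latin-1")
        else:
            out += plain.encode("latin-1")
    return bytes(out)

def decode_request(raw):
    """Decode a request: int32 version, int32 action, then the argument."""
    if len(raw) < 12:
        raise ValueError("request shorter than header plus one int32")
    version, action = struct.unpack_from("<ii", raw, 0)
    info = {"version": version, "action": ACTIONS.get(action, "unknown (%d)" % action)}
    (first,) = struct.unpack_from("<i", raw, 8)
    if action == 1002:
        info["uid"] = first                      # numeric argument
    elif action in ACTIONS:
        name = raw[12:12 + first]                # length-prefixed string
        info["name"] = name.decode("latin-1")
        # True when the length field accounts for every byte that was sent.
        info["length_matches"] = len(raw) == 12 + first
    return info

if __name__ == "__main__":
    for literal in REQUESTS:
        print(decode_request(strace_unescape(literal)))
```

For the second request the length field is 4 and the payload is exactly 16 bytes, so the name "andy" is what was written to the socket rather than an artifact of how strace printed it.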