Re: uidNumber: out of range

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Laurent Mistai <laurent.mistai [at] ujf-grenoble.fr>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: uidNumber: out of range
Date: Fri, 20 Jun 2014 15:53:08 +0200

Hello,

thanks for the quick answer ,

the result of the ldapsearch :

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,ou=univ,dc=domain,dc=org> with scope subtree
# filter: uid=testetu
# requesting: ALL
#

# mistail, people, univ, domain.org
aglnMailAlias: Laurent .Mistai @ujf-grenoble.fr
aglnMailEffectiveAddr: Laurent. Mistai@ ujf-grenoble.fr
aglnMailStatus: normal
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: aglnPerson
objectClass: shadowAccount
objectClass: posixAccount
givenName: Laurent
sn: Mistai
cn: Laurent Mistai
uid: mistail
employeeType: P
uidNumber: 4295023917
gidNumber: 4295023917
homeDirectory: uf
aglnAdmissionDate: 00000000
aglnSearchCommonName: laurent mistai
aglnDateOfBirth: 0000000
o: uf

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

thanks,
regards

Laurent

Le 20/06/2014 15:01, Arthur de Jong a écrit :

On Fri, 2014-06-20 at 14:49 +0200, Laurent Mistai wrote:

Using ID in a console shell with id we have :
        id testetu
        uid=56621 gid=429502391 groupes=4294967295
But when  use the version of  above nss-pam-ldapd   ( nss-pam-ldapd
0.8.13) on 14.04  :
we have :

        id testetu
        id: testetu : utilisateur inexistant
And with nslcd -d :

        nslcd: [8b4567] <passwd="testetu"> uid=testetu,ou=people,ou=univ,dc=domain,dc=org: uidNumber: out of range
        nslcd: [8b4567] <passwd="testetu"> DEBUG: ldap_result(): end of results (1 total)

The problem is probably in the data in your LDAP directory. The 0.8
series of nss-pam-ldapd includes some extra checks to detect integer
overflows and other LDAP parsing issues.

Can you provide output from ldapsearch showing the entry?

The uidNumber attribute is quite important and it cannot be easily
mangled because the mangling needs to happen in two directions: from the
LDAP server output to the user information and from the search for user
by uid to a search filter.

In 0.8 there is some special support for deriving the numeric uid from
objectSid (useful when using AD).

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

uidNumber: out of range, Laurent Mistai
- Re: uidNumber: out of range, Arthur de Jong
  - Re: uidNumber: out of range, Laurent Mistai

Prev by Date: Re: uidNumber: out of range
Next by Date: Re: uidNumber: out of range
Previous by thread: Re: uidNumber: out of range
Next by thread: Re: uidNumber: out of range