RSS feed

Re: uidNumber: out of range

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: uidNumber: out of range


thanks for the quick answer ,

the result of the ldapsearch :
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <ou=people,ou=univ,dc=domain,dc=org> with scope subtree
# filter: uid=testetu
# requesting: ALL

# mistail, people, univ,
aglnMailAlias: Laurent .Mistai
aglnMailEffectiveAddr: Laurent. Mistai@
aglnMailStatus: normal
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: aglnPerson
objectClass: shadowAccount
objectClass: posixAccount
givenName: Laurent
sn: Mistai
cn: Laurent Mistai
uid: mistail
employeeType: P
uidNumber: 4295023917
gidNumber: 4295023917
homeDirectory: uf
aglnAdmissionDate: 00000000
aglnSearchCommonName: laurent mistai
aglnDateOfBirth: 0000000
o: uf

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



Le 20/06/2014 15:01, Arthur de Jong a écrit :
On Fri, 2014-06-20 at 14:49 +0200, Laurent Mistai wrote:
Using ID in a console shell with id we have :
        id testetu
        uid=56621 gid=429502391 groupes=4294967295
But when  use the version of  above nss-pam-ldapd   ( nss-pam-ldapd
0.8.13) on 14.04  :
we have :

        id testetu
        id: testetu : utilisateur inexistant
And with nslcd -d :

        nslcd: [8b4567] <passwd="testetu"> uid=testetu,ou=people,ou=univ,dc=domain,dc=org: uidNumber: out of range
        nslcd: [8b4567] <passwd="testetu"> DEBUG: ldap_result(): end of results (1 total)
The problem is probably in the data in your LDAP directory. The 0.8
series of nss-pam-ldapd includes some extra checks to detect integer
overflows and other LDAP parsing issues.

Can you provide output from ldapsearch showing the entry?

The uidNumber attribute is quite important and it cannot be easily
mangled because the mangling needs to happen in two directions: from the
LDAP server output to the user information and from the search for user
by uid to a search filter.

In 0.8 there is some special support for deriving the numeric uid from
objectSid (useful when using AD).

To unsubscribe send an email to or see