
[nssldap] id: cannot find name for user ID XXXX




Dear All

I have searched all the archived mailing lists; although I found some
similar cases and solutions, none of them worked.

I have added rootbinddn in /etc/ldap.conf and put the manager's password in
/etc/ldap.secret.

I added these settings in nsswitch.conf:
passwd:     files ldap
shadow:     files ldap
group:      files ldap

So I could log in to the ldap client as root (local authentication) and get no
error.
And I (root) could get the correct information when using the command "finger
alex".


Here is the problem...
When I use the userid "alex" to log in to the server with ldap authentication,
the login succeeds but I get the error message "id: cannot find name for user ID
XXXX".


It looks like the ldap client queries the ldap server with insufficient
permission.

But I (alex) could use the command
==============================
ldapsearch -x -D "uid=alex,ou=people,dc=sinica,dc=edu,dc=tw" -W -b
"uid=alex,ou=People,dc=sinica,dc=edu,dc=tw"
==============================
to get the complete information
(uid,userPassword,shadowLastChange,shadowExpire,loginShell,uidNumber,
gidNumber,homeDirectory,....) on the ldap client.


I think that it's a permission problem when the ldap client queries the user
information from the ldap server, but I don't know how to solve this problem.

I have tested changing the files "ldap.conf" and "ldap.secret" to mode 644 with
chmod, but it did not work.

This is the output of the command "strace -s 128 -e open getent passwd alex":

==================================================================
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY)           = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_ldap.so.2", O_RDONLY) = 3
open("/lib/libcom_err.so.2", O_RDONLY)  = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/etc/ldap.conf", O_RDONLY)        = 3
open("/etc/ldap.secret", O_RDONLY)      = -1 EACCES (Permission denied)
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/openldap/ldap.conf", O_RDONLY) = 3
open("/user4/center/ccyen/ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/user4/center/ccyen/.ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_dns.so.2", O_RDONLY)  = 3
Process 24158 detached
===================================================================== 

I have checked the ldap.log,
and I think there are two sections in that log.

In the first section, the ldap client queries the ldap server to check the user
passwd and to get some user information with rootbinddn.

In the second section, the ldap client queries the ldap server with bind dn=""!!!

I don't know why it is empty, and I think it's the main reason.

The ldap client uses the empty (anonymous?) bind dn to query the ldap server!!!
Of course the ldap client found nothing.

Could you give me any suggestions?


Thank you, and sorry for my poor English.

ccyen
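As an added example (not code from the original post or from nss_ldap): a small Python triage helper that reads the output of `strace -s 128 -e open getent passwd alex`, skips the optional per-user ldaprc, and flags the EACCES on /etc/ldap.secret, which matters because nss_ldap reads rootbinddn's secret only when the calling process is root, so an unprivileged lookup falls back to an unauthenticated bind. The sample trace is constructed from the lines above, and `secret_mode_ok` is an added check that the secret stays root-only instead of the 644 tried above.

```python
import re

# Constructed sample, trimmed from the strace output in the post above.
SAMPLE = """\
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/lib/libnss_ldap.so.2", O_RDONLY) = 3
open("/etc/ldap.conf", O_RDONLY)        = 3
open("/etc/ldap.secret", O_RDONLY)      = -1 EACCES (Permission denied)
open("/user4/center/ccyen/.ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
Process 24158 detached
"""

# One strace open() line: path, flags, return code, optional errno name.
OPEN_RE = re.compile(
    r'^open\("([^"]+)",\s*([A-Z_|]+)\)\s*=\s*(-?\d+)(?:\s+(E[A-Z]+))?')

# Per-user ldaprc files are optional; ENOENT on them is normal.
OPTIONAL_SUFFIXES = ("/ldaprc", "/.ldaprc")

SECRET_FINDING = ("ldap.secret unreadable: rootbinddn only applies to root; "
                  "the lookup falls back to an anonymous bind")


def parse_opens(text):
    """Yield (path, return_code, errno_name) for each open() line."""
    for line in text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)


def diagnose(text):
    """Return findings for failed opens, ignoring expected ENOENTs."""
    findings = []
    for path, rc, err in parse_opens(text):
        if rc >= 0:
            continue
        if err == "ENOENT" and path.endswith(OPTIONAL_SUFFIXES):
            continue
        if path == "/etc/ldap.secret" and err == "EACCES":
            findings.append(SECRET_FINDING)
        else:
            findings.append(f"{path}: {err}")
    return findings


def secret_mode_ok(mode):
    """True when no group/other permission bits are set (e.g. 0o600)."""
    return (mode & 0o077) == 0
```

Run `diagnose` over a trace captured as the unprivileged user; a clean result for the secret together with a true `secret_mode_ok(os.stat("/etc/ldap.secret").st_mode & 0o777)` means the fallback is not a file-permission issue.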