[nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Jodok Ole Müllers <jodok-ole.muellers [at] aschendorff.de>
To: nssldap [at] padl.com
Subject: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral
Date: Fri, 14 Mar 2008 11:08:05 +0100

Hello,

I set up libnss-ldap 259-1 to get user/group information
from a windows 2003 Active Directory server but I was getting these errors
when running "getent passwd". 

root@hardy:/etc# getent passwd
... local users ...
root:x:0:0:root:/root:/bin/bash
sshd:x:111:65534::/var/run/sshd:/usr/sbin/nologin
... users configured on the ADS ...
Administrator:ABCD!efgh12345$67890:10003:10000:Administrator:/home/Administrator:/bin/sh
heinzt:ABCD!efgh12345$67890:10000:10002:Heinz Test:/home/heinzt:/bin/bash
ldap:ABCD!efgh12345$67890:10001:10001:ldap:/home/ldap:/bin/sh
adsuser:ABCD!efgh12345$67890:10004:100001:ADS User:/home/adsuser:/bin/bash
Unable to chase referral 
"ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de" (-1: 
Can't contact LDAP server)
Unable to chase referral 
"ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de" (-1: 
Can't contact LDAP server)
Unable to chase referral 
"ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de" (-1: Can't contact 
LDAP server)

It turned out that this errors were cause by the ADS sending not only data but 
also strange referrals:

ldapsearch -x -H ldap://10.2.1.70 -D "CN=ldap,CN=Users,DC=av-verlag,DC=de" -W 
-b "dc=av-verlag,dc=de" 
.... a lot of ldif here, and at the end of the output: ...
# search reference
ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de

# search reference
ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de

# search reference
ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de

These hostnames after the ldap:// are not valid hostnames.
I am wondering where they are comming from.
To work around this problem I added this to /etc/hosts:
10.2.1.70       ForestDnsZones.av-verlag.de
10.2.1.70       DomainDnsZones.av-verlag.de
10.2.1.70       av-verlag.de

This works, but is dirty.

My ADS admin was not able to tell me what these
referals are about nor does he know how to disable them.
He told me that they returned by default.

Is this a known problem ?
Can I tell libnss-ldap to ignore them somehow ?


Best Regards,
Jodok Ole Müllers

[nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral, Jodok Ole Müllers

Re: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral, Jamin W. Collins
- Re: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral, Jodok Ole Müllers

Prev by Date: Re: [nssldap] uniquemember attribute issue
Next by Date: Re: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral
Previous by thread: Re: [nssldap] uniquemember attribute issue
Next by thread: Re: [nssldap] Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral