Re: [nssldap] gentent works but "id" and "groups" commands fail with message "failed to get groups for user "
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] gentent works but "id" and "groups" commands fail with message "failed to get groups for user "
- From: Luke Howard <lukeh [at] padl.com>
- To: Arthur de Jong <arthur [at] ch.tudelft.nl>
- Cc: nssldap <nssldap [at] padl.com>
- Subject: Re: [nssldap] gentent works but "id" and "groups" commands fail with message "failed to get groups for user "
- Date: Thu, 27 Mar 2008 22:24:39 +1100
This may have been fixed in nss_ldap-260:
260 Luke Howard <lukeh@padl.com>
* patch from Ralf Haferkamp <rhafer@suse.de>:
only set errno for NSS_TRYAGAIN
-- Luke
On 21/03/2008, at 7:52 PM, Arthur de Jong wrote:
On Thu, 2008-03-20 at 09:42 +0100, jodok-ole.muellers@aschendorff.de
wrote:
I set up libnss-ldap on Linux to get user/group information
from a Windows Active Directory Server.
With getent it all looks fine to me, although I am not sure about
the password field (second field in getent passwd) which is 'x'
for local users and 'ABCD!efgh12345$67890' for ADS users.
Same with getent group, the group password field is 'x' for local
users and '*' for ADS users.
Even though getent output looks fine the
id and groups commands fail for users stored in ADS LDAP:
I ran into this problem with nss-ldapd. It may also affect nss_ldap (I
haven't looked at the code though that this is really the problem).
The GNU glibc docs [1] seem to suggest that if you return
NSS_STATUS_NOTFOUND you should set errno to ENOENT. This however
causes
problems with some tools.
Instead if get*ent() does not find any more entries it should just
return NSS_STATUS_NOTFOUND and not touch errno.
[1] http://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html
--
-- arthur - arthur@ch.tudelft.nl - http://ch.tudelft.nl/~arthur --
--
www.padl.com | www.fghr.net
