Re: [nssldap] RV: Unix id command and Openldap

[Patrick Wolfe <pwolfe [at] employease.com>]

When I set my SLES 10 SP2 VM to use "passwd: files ldap" and "group:  
files ldap" and delete the "+:..." lines from /etc/passwd and /etc/ 
group, the id command fails to do ldap lookups, just like the original  
poster.

getent passwd and getent group return the entire local + ldap  
listings.  Looks like the "id" command isn't nsswitch.conf aware on  
SLES.

--

Patrick Wolfe
ADP Employease
770-325-7724



On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:

> On Mon, 22 Dec 2008, Patrick Wolfe wrote:
>
> > I have one SLES 10 SP2 VM configured with ldap authentication, and  
> > the "id" command works just fine.  My /etc/nsswitch.conf "passwd"  
> > and "group" lines are set to "compat", not "files ldap".
>
> If you are using "compat", then the "+:..." lines in /etc/passwd  
> and /etc/group are appropriate (they are what signal the lookup in  
> LDAP for the compat method). If you're using "files ldap" then you  
> don't need the "+..." lines.
>
> For the OP, what do "getent passwd" and "getent group" return?
>
> Steve
> ----------------------------------------------------------------------------
> Steve Thompson                 E-mail:      smt AT vgersoft DOT com
> Voyager Software LLC           Web:         http://www DOT vgersoft  
> DOT com
> 39 Smugglers Path              VSW Support: support AT vgersoft DOT  
> com
> Ithaca, NY 14850
>  "186,300 miles per second: it's not just a good idea, it's the law"
> ----------------------------------------------------------------------------