Re: [nssldap] RV: Unix id command and Openldap

["Jon Miller" <jonebird [at] gmail.com>]

On my SLES 10 SP2 server, the 'id' command is using NSS. I validated it via the following command:
strace -f id 2>&1 | grep nss

You do have the nss_ldap package installed, right? 

-- Jon Miller

On Tue, Dec 23, 2008 at 1:12 PM, Patrick Wolfe <pwolfe [at] employease.com> wrote:

When I set my SLES 10 SP2 VM to use "passwd: files ldap" and "group: files ldap" and delete the "+:..." lines from /etc/passwd and /etc/group, the id command fails to do ldap lookups, just like the original poster.

getent passwd and getent group return the entire local + ldap listings.  Looks like the "id" command isn't nsswitch.conf aware on SLES.

--

Patrick Wolfe
ADP Employease
770-325-7724

On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:

On Mon, 22 Dec 2008, Patrick Wolfe wrote:

I have one SLES 10 SP2 VM configured with ldap authentication, and the "id" command works just fine.  My /etc/nsswitch.conf "passwd" and "group" lines are set to "compat", not "files ldap".

If you are using "compat", then the "+:..." lines in /etc/passwd and /etc/group are appropriate (they are what signal the lookup in LDAP for the compat method). If you're using "files ldap" then you don't need the "+..." lines.

For the OP, what do "getent passwd" and "getent group" return?

Steve
----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
 "186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------