Re: [nssldap] RV: Unix id command and Openldap

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Patrick Wolfe <pwolfe [at] employease.com>
To: "Jon Miller" <jonebird [at] gmail.com>
Cc: "Patrick Wolfe" <pwolfe [at] employease.com>, "Steve Thompson" <smt [at] vgersoft.com>, nssldap [at] padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap
Date: Tue, 23 Dec 2008 14:06:43 -0500

yep

susetest1:~ # rpm -qa nss_ldap

nss_ldap-259-4.3

When I run the strace command you mentioned, I get nothing:

susetest1:~ # strace -f id 2>&1 | grep nss

susetest1:~ #

Are you running SLES 10?

Patrick Wolfe

ADP Employease

770-325-7724

On Dec 23, 2008, at 1:57 PM, Jon Miller wrote:

On my SLES 10 SP2 server, the 'id' command is using NSS. I validated it via the following command:
strace -f id 2>&1 | grep nss

You do have the nss_ldap package installed, right?

-- Jon Miller

On Tue, Dec 23, 2008 at 1:12 PM, Patrick Wolfe <pwolfe [at] employease.com> wrote:
When I set my SLES 10 SP2 VM to use "passwd: files ldap" and "group: files ldap" and delete the "+:..." lines from /etc/passwd and /etc/group, the id command fails to do ldap lookups, just like the original poster.

getent passwd and getent group return the entire local + ldap listings. Looks like the "id" command isn't nsswitch.conf aware on SLES.

--

Patrick Wolfe
ADP Employease
770-325-7724

On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:

On Mon, 22 Dec 2008, Patrick Wolfe wrote:

I have one SLES 10 SP2 VM configured with ldap authentication, and the "id" command works just fine. My /etc/nsswitch.conf "passwd" and "group" lines are set to "compat", not "files ldap".

If you are using "compat", then the "+:..." lines in /etc/passwd and /etc/group are appropriate (they are what signal the lookup in LDAP for the compat method). If you're using "files ldap" then you don't need the "+..." lines.

For the OP, what do "getent passwd" and "getent group" return?

Steve
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------

RE: [nssldap] RV: Unix id command and Openldap, (continued)

Prev by Date: Re: [nssldap] RV: Unix id command and Openldap
Next by Date: Re: [nssldap] RV: Unix id command and Openldap
Previous by thread: Re: [nssldap] RV: Unix id command and Openldap
Next by thread: Re: [nssldap] RV: Unix id command and Openldap