RE: [nssldap] RV: Unix id command and Openldap
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
RE: [nssldap] RV: Unix id command and Openldap
- From: <okossuth [at] antel.com.uy>
- To: <pwolfe [at] employease.com>, <jonebird [at] gmail.com>
- Cc: <smt [at] vgersoft.com>, <nssldap [at] padl.com>
- Subject: RE: [nssldap] RV: Unix id command and Openldap
- Date: Tue, 23 Dec 2008 17:13:37 -0200
I'm running SLES10 SP1 and I get nothing too...
vmlx-lamp-intg:/home/okossuth # strace -f id 2>&1 | grep nss
vmlx-lamp-intg:/home/okossuth #
what is going on??
Saludos,
Oskar Kossuth
Administrador UNIX
ANTEL Telecomunicaciones
-----Mensaje original-----
De: owner-nssldap@padl.com [owner-nssldap [at] padl.com] En nombre de Patrick
Wolfe
Enviado el: Tuesday, December 23, 2008 4:07 PM
Para: Jon Miller
CC: Patrick Wolfe; Steve Thompson; nssldap@padl.com
Asunto: Re: [nssldap] RV: Unix id command and Openldap
yep
susetest1:~ # rpm -qa nss_ldap
nss_ldap-259-4.3
When I run the strace command you mentioned, I get nothing:
susetest1:~ # strace -f id 2>&1 | grep nss
susetest1:~ #
Are you running SLES 10?
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 23, 2008, at 1:57 PM, Jon Miller wrote:
On my SLES 10 SP2 server, the 'id' command is using NSS. I validated it
via the following command:
strace -f id 2>&1 | grep nss
You do have the nss_ldap package installed, right?
-- Jon Miller
On Tue, Dec 23, 2008 at 1:12 PM, Patrick Wolfe <pwolfe@employease.com>
wrote:
When I set my SLES 10 SP2 VM to use "passwd: files ldap" and
"group: files ldap" and delete the "+:..." lines from /etc/passwd and
/etc/group, the id command fails to do ldap lookups, just like the original
poster.
getent passwd and getent group return the entire local + ldap
listings. Looks like the "id" command isn't nsswitch.conf aware on SLES.
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:
On Mon, 22 Dec 2008, Patrick Wolfe wrote:
I have one SLES 10 SP2 VM configured with ldap
authentication, and the "id" command works just fine. My /etc/nsswitch.conf
"passwd" and "group" lines are set to "compat", not "files ldap".
If you are using "compat", then the "+:..." lines in
/etc/passwd and /etc/group are appropriate (they are what signal the lookup in
LDAP for the compat method). If you're using "files ldap" then you don't need
the "+..." lines.
For the OP, what do "getent passwd" and "getent group"
return?
Steve
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT
vgersoft DOT com
Voyager Software LLC Web: http://www
DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT
vgersoft DOT com
Ithaca, NY 14850
"186,300 miles per second: it's not just a good idea,
it's the law"
----------------------------------------------------------------------------
El presente correo y cualquier posible archivo adjunto está
dirigido únicamente al destinatario del mensaje y contiene información
que puede ser confidencial. Si Ud. no es el destinatario correcto por
favor notifique al remitente respondiendo anexando este mensaje y elimine
inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su
sistema. Está prohibida cualquier utilización, difusión o copia de este
e-mail por cualquier persona o entidad que no sean las específicas
destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con
respecto a cualquier comunicación que haya sido emitida incumpliendo
nuestra Política de Seguridad de la Información.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This e-mail and any attachment is confidential and is intended solely for
the addressee(s). If you are not intended recipient please inform the
sender immediately, answering this e-mail and delete it as well as the
attached files. Any use, circulation or copy of this e-mail by any person
or entity that is not the specific addressee(s) is prohibited. ANTEL is
not responsible for any communication emitted without respecting our
Information Security Policy.
Re: [nssldap] RV: Unix id command and Openldap,
Andrew Morgan