RE: [nssldap] RV: Unix id command and Openldap
- From: <okossuth [at] antel.com.uy>
- To: <pwolfe [at] employease.com>
- Cc: <jonebird [at] gmail.com>, <smt [at] vgersoft.com>, <nssldap [at] padl.com>
- Subject: RE: [nssldap] RV: Unix id command and Openldap
- Date: Tue, 23 Dec 2008 17:16:45 -0200
Me too hehe, I switched off nscd and I got
vmlx-lamp-intg:/home/okossuth # strace -f id 2>&1 | grep nss
open("/etc/nsswitch.conf", O_RDONLY) = 3
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1264
open("/lib/libnss_ldap.so.2", O_RDONLY) = 3
read(3, "Name\n#nss_map_attribute gidNumbe"..., 4096) = 1902
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/lib/libnss_dns.so.2", O_RDONLY) = 3
vmlx-lamp-intg:/home/okossuth #
still id does not show any secondary groups:
vmlx-lamp-intg:/home/okossuth # id jbosstest
uid=7000(jbosstest) gid=7002(ldaptest) groups=7002(ldaptest)
vmlx-lamp-intg:/home/okossuth #
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Patrick Wolfe
Sent: Tuesday, December 23, 2008 4:10 PM
To: Patrick Wolfe
CC: Jon Miller; Steve Thompson; nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap
Never mind. I found my problem. Needed to turn off NSCD (service nscd stop).
Now the id and strace commands work as expected.
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 23, 2008, at 2:06 PM, Patrick Wolfe wrote:
yep
susetest1:~ # rpm -qa nss_ldap
nss_ldap-259-4.3
When I run the strace command you mentioned, I get nothing:
susetest1:~ # strace -f id 2>&1 | grep nss
susetest1:~ #
Are you running SLES 10?
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 23, 2008, at 1:57 PM, Jon Miller wrote:
On my SLES 10 SP2 server, the 'id' command is using NSS. I
validated it via the following command:
strace -f id 2>&1 | grep nss
You do have the nss_ldap package installed, right?
-- Jon Miller
On Tue, Dec 23, 2008 at 1:12 PM, Patrick Wolfe
<pwolfe@employease.com> wrote:
When I set my SLES 10 SP2 VM to use "passwd: files ldap" and "group:
files ldap" and delete the "+:..." lines from /etc/passwd and /etc/group,
the id command fails to do ldap lookups, just like the original poster.
getent passwd and getent group return the entire local + ldap listings.
Looks like the "id" command isn't nsswitch.conf aware on SLES.
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:
On Mon, 22 Dec 2008, Patrick Wolfe wrote:
I have one SLES 10 SP2 VM configured with ldap authentication, and the
"id" command works just fine. My /etc/nsswitch.conf "passwd" and "group"
lines are set to "compat", not "files ldap".
If you are using "compat", then the "+:..." lines in /etc/passwd and
/etc/group are appropriate (they are what signal the lookup in LDAP for
the compat method). If you're using "files ldap" then you don't need the
"+..." lines.
For the OP, what do "getent passwd" and "getent group" return?
Steve
----------------------------------------------------------------------------
Steve Thompson          E-mail:      smt AT vgersoft DOT com
Voyager Software LLC    Web:         http://www DOT vgersoft DOT com
39 Smugglers Path       VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
This e-mail and any attachment is confidential and is intended solely for
the addressee(s). If you are not intended recipient please inform the
sender immediately, answering this e-mail and delete it as well as the
attached files. Any use, circulation or copy of this e-mail by any person
or entity that is not the specific addressee(s) is prohibited. ANTEL is
not responsible for any communication emitted without respecting our
Information Security Policy.
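
Steve Thompson's rule in the thread above (with "compat" the "+:..." lines in /etc/passwd and /etc/group are what trigger the directory lookup; with "files ldap" they are not needed) can be checked mechanically. The Python below is an added example, not code from the thread or from nss_ldap; the function names and the sample file contents are constructed for illustration.

```python
import re

def nss_sources(nsswitch_text, database):
    """Ordered source list for one database line of nsswitch.conf."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return] before splitting.
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []

def has_plus_entries(file_text):
    """True if a passwd/group style file contains a '+' (compat include) line."""
    return any(l.startswith("+") for l in file_text.splitlines())

def check(nsswitch_text, files):
    """files maps 'passwd'/'group' to the text of /etc/passwd and /etc/group."""
    findings = {}
    for db in ("passwd", "group"):
        sources = nss_sources(nsswitch_text, db)
        plus = has_plus_entries(files[db])
        if "compat" in sources and not plus:
            findings[db] = "compat without '+' line: directory lookup is never triggered"
        elif "compat" not in sources and "ldap" not in sources:
            findings[db] = "no ldap or compat source: only %s consulted" % (sources or "nothing")
        elif "compat" not in sources and plus:
            findings[db] = "'+' line present but not needed with '%s'" % " ".join(sources)
        else:
            findings[db] = "ok"
    return findings

# Constructed sample inputs (not taken from the hosts in the thread).
NSSWITCH = """\
# /etc/nsswitch.conf
passwd: files ldap
group:  compat   # legacy setting
hosts:  files dns
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\n+::::::\n"
GROUP = "root:x:0:\nusers:x:100:\n"

if __name__ == "__main__":
    for db, msg in check(NSSWITCH, {"passwd": PASSWD, "group": GROUP}).items():
        print(db, "->", msg)
```

When re-testing with id or strace after a change, note that the thread's participants had to stop nscd first.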