lists.arthurdejong.org

RE: [nssldap] RV: Unix id command and Openldap




Me too hehe, I switched off nscd and I got

vmlx-lamp-intg:/home/okossuth # strace -f id 2>&1 | grep nss
open("/etc/nsswitch.conf", O_RDONLY)    = 3
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1264
open("/lib/libnss_ldap.so.2", O_RDONLY) = 3
read(3, "Name\n#nss_map_attribute gidNumbe"..., 4096) = 1902
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/lib/libnss_dns.so.2", O_RDONLY)  = 3
vmlx-lamp-intg:/home/okossuth #

still id does not show any secondary groups:

vmlx-lamp-intg:/home/okossuth # id jbosstest
uid=7000(jbosstest) gid=7002(ldaptest) groups=7002(ldaptest)
vmlx-lamp-intg:/home/okossuth #

Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Patrick Wolfe
Sent: Tuesday, December 23, 2008 4:10 PM
To: Patrick Wolfe
CC: Jon Miller; Steve Thompson; nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap

never mind.  I found my problem.  needed to turn off NSCD  (service nscd stop).  Now the id and strace command work as expected.


--

Patrick Wolfe
ADP Employease
770-325-7724



On Dec 23, 2008, at 2:06 PM, Patrick Wolfe wrote:


        yep

        susetest1:~ # rpm -qa nss_ldap
        nss_ldap-259-4.3


        When I run the strace command you mentioned, I get nothing:

        susetest1:~ # strace -f id 2>&1 | grep nss
        susetest1:~ # 

        Are you running SLES 10?
        
        
        
        
        

        --

        Patrick Wolfe
        ADP Employease
        770-325-7724



        On Dec 23, 2008, at 1:57 PM, Jon Miller wrote:


                On my SLES 10 SP2 server, the 'id' command is using NSS. I validated it via the following command:
                strace -f id 2>&1 | grep nss
                
                You do have the nss_ldap package installed, right? 
                
                -- Jon Miller
                
                
                On Tue, Dec 23, 2008 at 1:12 PM, Patrick Wolfe <pwolfe@employease.com> wrote:
                

                        When I set my SLES 10 SP2 VM to use "passwd: files ldap" and "group: files ldap" and delete the "+:..." lines from /etc/passwd and /etc/group, the id command fails to do ldap lookups, just like the original poster.
                        
                        getent passwd and getent group return the entire local + ldap listings.  Looks like the "id" command isn't nsswitch.conf aware on SLES.


                        --
                        
                        Patrick Wolfe
                        ADP Employease
                        770-325-7724
                        
                        
                        
                        
                        On Dec 22, 2008, at 5:38 PM, Steve Thompson wrote:
                        
                        

                                On Mon, 22 Dec 2008, Patrick Wolfe wrote:
                                
                                

                                        I have one SLES 10 SP2 VM configured with ldap authentication, and the "id" command works just fine.  My /etc/nsswitch.conf "passwd" and "group" lines are set to "compat", not "files ldap".
                                        


                                If you are using "compat", then the "+:..." lines in /etc/passwd and /etc/group are appropriate (they are what signal the lookup in LDAP for the compat method). If you're using "files ldap" then you don't need the "+..." lines.
                                
                                For the OP, what do "getent passwd" and "getent group" return?
                                
                                Steve
                                
                                ----------------------------------------------------------------------------
                                Steve Thompson                 E-mail:      smt AT vgersoft DOT com
                                Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
                                39 Smugglers Path              VSW Support: support AT vgersoft DOT com
                                Ithaca, NY 14850
                                 "186,300 miles per second: it's not just a good idea, it's the law"
                                ----------------------------------------------------------------------------
                                
                                
                                






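The two checks this thread walks through (whether the nsswitch.conf method matches the "+" lines, and whether `id` is missing groups that `getent group` lists), as an added example that is not part of the original messages. The function names and the group `appgrp` are hypothetical; inputs are passed as files or text so the checks can be run on copies of a host's configuration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the sources configured for database $2 in the nsswitch.conf file $1.
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Compare the nsswitch.conf ($1) line for database $2 with its flat file $3.
# Per the thread: "compat" relies on the "+" lines, "files ldap" does not
# need them.
check_nss_db() {
    sources=$(nss_sources "$1" "$2")
    plus=no
    grep -q '^[+]' "$3" && plus=yes
    case " $sources " in
        *" compat "*) [ "$plus" = yes ] && echo ok-compat || echo compat-missing-plus ;;
        *" ldap "*)   [ "$plus" = no ] && echo ok-ldap || echo ldap-unneeded-plus ;;
        *)            echo no-ldap ;;
    esac
}

# Read "getent group" output on stdin and print every group that lists user $1
# as a member but is absent from $2 (the output of "id -Gn USER").
missing_groups() {
    awk -F: -v user="$1" -v have="$2" '
        BEGIN { n = split(have, h, " "); for (i = 1; i <= n; i++) seen[h[i]] = 1 }
        { m = split($4, members, ",")
          for (i = 1; i <= m; i++)
              if (members[i] == user && !($1 in seen)) print $1 }'
}

# Constructed sample: the group "appgrp" (hypothetical) lists jbosstest as a
# member, but id reported only ldaptest, as in the thread. Prints: appgrp
printf 'ldaptest:*:7002:\nappgrp:*:7010:jbosstest\n' |
    missing_groups jbosstest "ldaptest"

# On a live host (with nscd stopped first, as in the thread):
#   getent group | missing_groups jbosstest "$(id -Gn jbosstest)"
#   check_nss_db /etc/nsswitch.conf group /etc/group
```

Any group name printed by `missing_groups` is one that the directory knows about but the `id` lookup path did not return.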