lists.arthurdejong.org

[nssldap] getent passwd problems




Hi,

I'm trying to configure both an Ubuntu 8.10 system and a Debian Etch 4.0 system to authenticate against an OpenLDAP server. I've done this in the past against other OpenLDAP servers without problems, but have failed to get nss-ldap working so far with this configuration. I suspect I'm missing something in the LDAP search parameters, but I'm having trouble debugging this. Are there additional options I can give to nss-ldap to see what query it is sending to the OpenLDAP server? I've tried Wireshark, but since I'm using SSL it doesn't give me anything useful.

An ldapsearch against the OpenLDAP server gives me the following:

ldapsearch -xLLL -H ldaps://aaa.bbb.ie/ -b "ou=BBB Users,dc=ie,dc=bbb,dc=ccc" -D "cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=local" -wSecret "(&(objectClass=posixAccount)(uid=*))"

Returns an answer of the following format:

dn: cn=Stephen Mulcahy,ou=Researchers,ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=
 ccc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
cn: Stephen Mulcahy
sn: Mulcahy
givenName: Stephen
shadowLastChange: 128763417020503940
uid: xxxxxx
mail: xxxxxxxx@bbbb.org


So it seems to have valid data.

If I install libnss-ldap and edit /etc/nsswitch.conf as follows

passwd:         files ldap

and edit /etc/libnss-ldap.conf as follows

base ou=BBB Users,dc=ie,dc=bbb,dc=ccc
uri ldaps://aaa.bbb.ie/
ldap_version 3

binddn cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=ccc
bindpw Secret

scope sub

pam_filter objectclass=posixAccount
pam_login_attribute uid


nss_schema rfc2307bis

nss_base_passwd         ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=ccc

tls_checkpeer no
ssl on

and then try running getent passwd, I still only get my local user list, not the additional entries from LDAP. There are no error messages logged in /var/log/auth.log, /var/log/messages or /var/log/syslog.

Any tips on how to proceed appreciated.

Thanks,

-stephen
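
Added example, not part of the original post: one way to check ldapsearch LDIF output for the attributes RFC 2307 requires on posixAccount entries, which a passwd entry is built from. The first sample entry mirrors only the attributes visible in the output above (which may be abbreviated); the second entry and all function names are constructed for illustration.

```python
# Added example; SAMPLE below is constructed. RFC 2307 posixAccount MUST attributes:
REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with a single space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(ldif):
    """One {lowercased attribute: [values]} dict per entry; base64 stays undecoded."""
    entries, current = [], {}
    for line in unfold(ldif) + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            current.setdefault(name.lower(), []).append(value.lstrip(": "))
    return entries

def missing_passwd_attrs(entry):
    """Required attributes absent from a posixAccount entry; None if not posixAccount."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    if "posixaccount" not in classes:
        return None
    return [a for a in REQUIRED if a.lower() not in entry]

SAMPLE = """\
dn: cn=Stephen Mulcahy,ou=Researchers,ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=
 ccc
objectClass: posixAccount
cn: Stephen Mulcahy
uid: xxxxxx

dn: cn=Example User,ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=ccc
objectClass: posixAccount
cn: Example User
uid: example
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/example
"""

if __name__ == "__main__":
    print([(e["dn"][0], missing_passwd_attrs(e)) for e in parse_entries(SAMPLE)])
```

Feeding it the full output of the ldapsearch command above shows which entries lack the attributes needed for a passwd line.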