[nssldap] Re: getent passwd problems
- From: stephen mulcahy <stephen.mulcahy [at] deri.org>
- To: nssldap [at] padl.com
- Subject: [nssldap] Re: getent passwd problems
- Date: Tue, 10 Feb 2009 18:44:39 +0000
Hi,
Some updates on this.
1. I found that you can put the following in /etc/libnss-ldap.conf to
get some debug output:
debug 1
(where the value runs from 1 to 10 for increasing detail).
2. I also noticed that the LDAP database does not contain uidNumber or
gidNumber values for entries - is it possible this is what is causing
"getent passwd" to fail? If so, is there any way to work around this
(i.e. get libnss-ldap to auto-generate uidNumbers on the fly?)
thanks,
-stephen
stephen mulcahy wrote:
Hi,
I'm trying to configure both an Ubuntu 8.10 system and a Debian Etch
4.0 system to authenticate against an openldap server. I've done this in
the past against other openldap servers without problems but have failed
to get nss-ldap working so far with this configuration. I suspect I'm missing
something in the LDAP search parameters but I'm having trouble debugging
this. Are there additional options I can give to nss-ldap to see what
query it is sending to the openldap server? I've tried wireshark but
since I'm using SSL it doesn't give me anything useful.
An ldapsearch against the openldap server gives me the following,
ldapsearch -xLLL -H ldaps://aaa.bbb.ie/ \
    -b "ou=BBB Users,dc=ie,dc=bbb,dc=ccc" \
    -D "cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=local" \
    -wSecret \
    "(&(objectClass=posixAccount)(uid=*))"
Returns an answer of the following format,
dn: cn=Stephen Mulcahy,ou=Researchers,ou=Users,ou=BBB
Users,dc=ie,dc=bbb,dc=
ccc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
cn: Stephen Mulcahy
sn: Mulcahy
givenName: Stephen
shadowLastChange: 128763417020503940
uid: xxxxxx
mail: xxxxxxxx@bbbb.org
So it seems to have valid data.
If I install libnss-ldap and edit /etc/nsswitch.conf as follows
passwd: files ldap
and edit /etc/libnss-ldap.conf as follows
base ou=BBB Users,dc=ie,dc=bbb,dc=ccc
uri ldaps://aaa.bbb.ie/
ldap_version 3
binddn cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=ccc
bindpw Secret
scope sub
pam_filter objectclass=posixAccount
pam_login_attribute uid
nss_schema rfc2307bis
nss_base_passwd ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=ccc
tls_checkpeer no
ssl on
and then try running getent passwd, I still only get my local user list,
not the additional entries from LDAP. There are no error messages logged
in /var/log/auth.log, /var/log/messages or /var/log/syslog
Any tips on how to proceed appreciated.
Thanks,
-stephen
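The entry shown in the thread has objectClass posixAccount but no uidNumber, gidNumber or homeDirectory, and all three (with uid) are MUST attributes of posixAccount in RFC 2307; nss_ldap cannot synthesize a passwd(5) line without them and silently drops such entries, which is why getent passwd shows only local users and nothing is logged. The following script is an added example, not code from the list posters or from the nss_ldap project. It takes LDIF of the kind ldapsearch -LLL prints (handling the wrapped continuation lines that appear above), reports which entries would be skipped and why, and prints the passwd line getent would produce for complete entries; it also checks that each dn lies under the configured nss_base_passwd. The sample LDIF is constructed, the uid values are placeholders, and the /bin/sh fallback for a missing loginShell is an assumption rather than nss_ldap's documented default. One caveat on the posted configuration: tls_checkpeer no disables verification of the server certificate, so the ldaps:// connection protects the bind password from passive sniffing only, not from an attacker who can interpose a host of their own.

```python
"""Audit posixAccount entries for the attributes nss_ldap needs to build a
passwd(5) line.  Added example with a constructed sample; runs offline."""

# uid, uidNumber, gidNumber and homeDirectory are MUST attributes of the
# RFC 2307 posixAccount object class; an entry lacking any of them can never
# be returned by "getent passwd" through nss_ldap.
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")
DEFAULT_SHELL = "/bin/sh"  # assumption: fallback used here for a missing loginShell


def parse_ldif(text):
    """Minimal LDIF parser: entries separated by blank lines, continuation
    lines start with one space, attributes may repeat (objectClass).
    Base64 ("::") values are not decoded; they are not needed here."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # join wrapped line to previous one
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def in_scope(dn, base):
    """Approximates 'scope sub' under nss_base_passwd: dn must end with base."""
    return dn.lower().endswith(base.lower())


def check_entry(entry):
    """Return (passwd_line, missing) where passwd_line is None if nss_ldap
    would have to skip the entry and missing explains why."""
    if "posixAccount" not in entry.get("objectClass", []):
        return None, ["objectClass=posixAccount"]
    missing = [attr for attr in REQUIRED if attr not in entry]
    if missing:
        return None, missing
    gecos = entry.get("gecos", entry.get("cn", [""]))[0]
    shell = entry.get("loginShell", [DEFAULT_SHELL])[0]
    line = ":".join([entry["uid"][0], "x", entry["uidNumber"][0],
                     entry["gidNumber"][0], gecos,
                     entry["homeDirectory"][0], shell])
    return line, []


def audit(text, base=None):
    """Map each dn to its check result; entries outside base are flagged."""
    results = {}
    for entry in parse_ldif(text):
        if "dn" not in entry:
            continue
        dn = entry["dn"][0]
        if base is not None and not in_scope(dn, base):
            results[dn] = (None, ["outside nss_base_passwd"])
        else:
            results[dn] = check_entry(entry)
    return results


# Constructed sample: the first entry has the shape shown in the thread
# (wrapped dn, no uidNumber/gidNumber/homeDirectory); the second is complete.
SAMPLE_LDIF = """\
dn: cn=Stephen Mulcahy,ou=Researchers,ou=Users,ou=BBB Users,dc=ie,dc=bbb,
 dc=ccc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
cn: Stephen Mulcahy
sn: Mulcahy
givenName: Stephen
uid: xxxxxx
mail: xxxxxxxx@bbbb.org

dn: uid=alice,ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=ccc
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
loginShell: /bin/bash
"""

NSS_BASE_PASSWD = "ou=Users,ou=BBB Users,dc=ie,dc=bbb,dc=ccc"  # from the posted config

if __name__ == "__main__":
    for dn, (line, missing) in audit(SAMPLE_LDIF, NSS_BASE_PASSWD).items():
        if line:
            print("OK       " + line)
        else:
            print("SKIPPED  " + dn + " -> missing " + ", ".join(missing))
```

Feed it real output with `ldapsearch -xLLL ... "(objectClass=posixAccount)" | python3 audit.py` after replacing SAMPLE_LDIF with sys.stdin.read(); every SKIPPED line is an entry getent will never show, whatever the nss_ldap configuration says. nss_ldap cannot invent uidNumber values on the fly: either the directory gains the attributes (uidNumber, gidNumber, homeDirectory per account) or the schema must be mapped with nss_map_attribute to attributes that do exist.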