lists.arthurdejong.org

Re: [nssldap] Re: getent passwd problems


On Wednesday 11 February 2009 01:02:58 Josh Miller wrote:
> charlie derr wrote:
> > stephen mulcahy wrote:
> >> Hi,
> >>
> >> Some updates on this.
> >>
> >> 1. I found that you can put the following in /etc/libnss-ldap.conf to
> >> get some debug out
> >>
> >> debug 1
> >>
> >> (where from 1-10 for increasing detail).
> >>
> >> 2. I also noticed that the LDAP database does not contain uidNumber or
> >> gidNumber values for entries - is it possible this is what is causing
> >> "getent passwd" to fail?
>
> If you do a slapcat on your ldap directory, do you see uidNumber or
> gidNumber attributes?  If so you may have neglected to rerun slapindex
> after adding them as indexes (having made this mistake myself).
>
> If you need to run slapindex, shut down openldap first, run slapindex,
> start back up after verifying permissions...

Missing indexes for attributes you have told slapd are indexed would mean that 
searches on these attributes would not work (i.e., searching using the 
affected attribute in a filter).

However, the attributes are still missing even though the entry is found.  So, 
the most likely cause here is ACLs preventing reading of the uidNumber 
attribute (the uidNumber attribute *must* be present according to the schema 
definition for posixAccount objectclass, which is on the example).

Regards,
Buchan
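
The distinction drawn in the reply above (attribute absent from the database versus stored but withheld from the client) can be checked by comparing a slapcat dump, which reads the backend without applying ACLs, against an ldapsearch result fetched as the identity the NSS client binds with. This is an added example, not part of the original thread; the function names, DNs and LDIF samples are constructed, and it assumes the search requested all user attributes.

```python
REQUIRED = ("uidnumber", "gidnumber")  # attributes discussed in the thread

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: [values]}}; unfolds continuation lines."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():
            current = None                      # blank line ends an entry
        elif not line.startswith("#") and ":" in line:
            name, _, rest = line.partition(":")
            value = rest.lstrip(":").strip()    # base64 ("::") values stay encoded
            if name.lower() == "dn":
                current = entries.setdefault(value.lower(), {})
            elif current is not None:
                current.setdefault(name.lower(), []).append(value)
    return entries

def classify(db_ldif, bind_ldif):
    """db_ldif: slapcat dump (backend contents, ACLs not applied).
    bind_ldif: ldapsearch output fetched as the identity the NSS client uses."""
    db, seen = parse_ldif(db_ldif), parse_ldif(bind_ldif)
    report = {}
    for dn, attrs in db.items():
        if "posixaccount" not in (v.lower() for v in attrs.get("objectclass", [])):
            continue
        for attr in REQUIRED:
            if attr not in attrs:
                report[dn, attr] = "absent from database"
            elif dn not in seen:
                report[dn, attr] = "entry not visible to this identity"
            elif attr not in seen[dn]:
                report[dn, attr] = "stored but not returned (check ACLs)"
            else:
                report[dn, attr] = "ok"
    return report

# Constructed sample data (hypothetical DN and values).
SLAPCAT = """dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uidNumber: 1001
gidNumber: 1001
"""
SEARCH = """dn: uid=alice,ou=people,
 dc=example,dc=org
objectClass: posixAccount
gidNumber: 1001
"""

if __name__ == "__main__":
    print(classify(SLAPCAT, SEARCH))
```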