Re: [nssldap] Re: getent passwd problems
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] Re: getent passwd problems
- From: stephen mulcahy <stephen.mulcahy [at] deri.org>
- To: charlie derr <cderr [at] simons-rock.edu>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] Re: getent passwd problems
- Date: Thu, 12 Feb 2009 10:13:14 +0000
charlie derr wrote:
2. I also noticed that the LDAP database does not contain uidNumber or
gidNumber values for entries - is it possible this is what is causing
"getent passwd" to fail?
Yeah, I think that's definitely going to be a show stopper.
Thanks for the quick reply - and the confirmation that this is the problem.
I'm certainly no expert, but if you don't have those values in LDAP (or
even if they're populated, but not visible to
cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=ccc ) then I
think you're not going to succeed. I'm curious about how you could have
managed to populate these entries in your directory (because for
objectClass: posixAccount they're both required attributes). Did you
turn off schema checking in your OpenLDAP? (I think you must have
because if you hadn't, you wouldn't have been able to add them without
valid integers being set for both uidNumber and gidNumber ). If so, I
imagine that you'll need to reload your entries with the correct values
all populated.
I don't have access to the openldap server I'm working against but afaik
it is a proxy for an AD server and is mapping some fields on the fly -
so it may not be doing any schema validation. I've passed a request back
up the chain to get uidNumber, gidNumber and other posixAccount fields
added in but it may take some time to get that sorted out.
Thanks,
-stephen
- [nssldap] Re: getent passwd problems, (continued)