Re: [nssldap] Re: getent passwd problems

[stephen mulcahy <stephen.mulcahy [at] deri.org>]

charlie derr wrote:
> > 2. I also noticed that the LDAP database does not contain uidNumber or 
> > gidNumber values for entries - is it possible this is what is causing 
> > "getent passwd" to fail?
>
> Yeah, I think that's definitely going to be a show stopper.

Thanks for the quick reply - and the confirmation that this is the problem.

> I'm certainly no expert, but if you don't have those values in LDAP (or 
> even if they're populated, but not visible to
> cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=ccc ) then I 
> think you're not going to succeed.  I'm curious about how you could have 
> managed to populate these entries in your directory (because for 
> objectClass: posixAccount they're both required attributes).  Did you 
> turn off schema checking in your OpenLDAP?  (I think you must have 
> because if you hadn't, you wouldn't have been able to add them without 
> valid integers being set for both uidNumber and gidNumber ). If so, I 
> imagine that you'll need to reload your entries with the correct values 
> all populated.

I don't have access to the openldap server I'm working against but afaik 
it is a proxy for an AD server and is mapping some fields on the fly - 
so it may not be doing any schema validation. I've passed a request back 
up the chain to get uidNumber, gidNumber and other posixAccount fields 
added in but it may take some time to get that sorted out.

Thanks,

-stephen