lists.arthurdejong.org

RE: [pamldap] RE: [nssldap] pam_ldap and nss_ldap can't connect to LDAP server(s)




Hi Karl,

When I use ldapsearch and bind with the same credentials, I get a successful
search on the filter (&(objectClass=user)(sAMAccountName=ldapuser)), which is
the same search filter used by nss_ldap when I execute an id ldapuser or getent
passwd ldapuser.

Regards,

Aaron Hicks

PS. None of these LDAP users have previously logged into this server.

> -----Original Message-----
> From: Karl O. Pinc [kop [at] meme.com]
> Sent: Friday, 26 June 2009 1:42 p.m.
> To: Aaron Hicks
> Cc: pamldap@padl.com; nssldap@padl.com
> Subject: Re: [pamldap] RE: [nssldap] pam_ldap and nss_ldap can't
> connect to LDAP server(s)
>
>
> On 06/25/2009 07:19:45 PM, Aaron Hicks wrote:
> > Hmm, getent passwd ldapuser and id ldapuser now produce these debug
> > messages, and not find the LDAP user (even though it is exactly the
> > same user it's binding with)
>
> FWIW when that happens with an OpenLDAP server it's because you've
> rights to bind (or maybe lookup by direct dn match, I forget)
> but not search.  Or at least that's one way to exhibit those symptoms,
> there could be others.
>
> Karl <kop@meme.com>
> Free Software:  "You don't pay back, you pay forward."
>                   -- Robert A. Heinlein
