
[nssldap] some questions regarding Active Directory <--> NSS Ldap
[Date Prev][Date Next] [Thread Prev][Thread Next][nssldap] some questions regarding Active Directory <--> NSS Ldap
- From: Илья Шипицин <chipitsine [at] gmail.com>
- To: nssldap [at] padl.com
- Subject: [nssldap] some questions regarding Active Directory <--> NSS Ldap
- Date: Tue, 23 Feb 2010 19:53:01 +0500
Hello!
first, I found that readme.sfu is outdated, how should I request it to be excluded ? via BugZilla ?
secondly, I uncommented the following section in libnss_ldap.conf (on Debian)
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
on the wire (by using wireshark) I see the following attributes being requested: sAMAccountname, userPassword, uidNumber,gidNumber, cn, unixHomeDirectory,loginShell,gecos,description,objectClass (10 attributes)
however, AD only provides 4 attributes: sAMAccountname,cn,objectClass,description
thus, id command (id 'someuser') doesn't show anything. yes, query is made and 4 attributes are returned, but user is not found, probably because nss_ldap expects more than 4 attributes. where can I read about it ? what attributes are mandatory and what are optional ?
is there good article on Active Directory <--> NSS (all the articles on the site are related to win2000 or just links are broken)< I mean some article on win2008
Cheers,
Ilya Shipitsin
- [nssldap] some questions regarding Active Directory <--> NSS Ldap, Илья Шипицин
- Prev by Date: Re: [nssldap] nss_map_attribute gidNumber problem
- Next by Date: [nssldap] template for some attributes
- Previous by thread: Re: [nssldap] nss_map_attribute gidNumber problem
- Next by thread: Re: [nssldap] some questions regarding Active Directory <--> NSS Ldap