lists.arthurdejong.org

[nssldap] some questions regarding Active Directory <--> NSS Ldap




Hello!
 
First, I found that readme.sfu is outdated. How should I request that it be excluded? Via Bugzilla?
 
Secondly, I uncommented the following section in libnss_ldap.conf (on Debian):
 
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
 
On the wire (using Wireshark) I see the following attributes being requested: sAMAccountname, userPassword, uidNumber, gidNumber, cn, unixHomeDirectory, loginShell, gecos, description, objectClass (10 attributes).
 
However, AD only provides 4 attributes: sAMAccountname, cn, objectClass, description.
 
Thus, the id command (id 'someuser') doesn't show anything. Yes, the query is made and 4 attributes are returned, but the user is not found, probably because nss_ldap expects more than 4 attributes. Where can I read about it? What attributes are mandatory and what are optional?
 
Is there a good article on Active Directory <--> NSS (all the articles on the site are related to win2000 or the links are just broken)? I mean some article on win2008.
 
 
Cheers,
Ilya Shipitsin
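
As an added example (not part of the original message and not nss_ldap code), the script below applies the quoted nss_map_attribute lines to the RFC 2307 posixAccount attribute list and reports which attributes are absent from the four that AD returned. The MUST/MAY split comes from the RFC 2307 schema; which attributes nss_ldap itself insists on is not stated in the message, and the function names are illustrative.

```python
# Added example: compare what a directory returned against the RFC 2307
# posixAccount schema, after applying nss_map_attribute renames.

# RFC 2307 posixAccount: MUST and MAY attributes (from the RFC's schema).
POSIX_MUST = ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"]
POSIX_MAY = ["userPassword", "loginShell", "gecos", "description"]

# Mapping section quoted in the message above.
CONF = """\
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
"""

# Attributes the message reports AD returning for the user entry.
RETURNED = ["sAMAccountname", "cn", "objectClass", "description"]


def parse_attribute_map(conf_text):
    """Return {rfc2307_name: directory_name} from nss_map_attribute lines."""
    mapping = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0].lower() == "nss_map_attribute":
            mapping[fields[1]] = fields[2]
    return mapping


def missing_attributes(wanted, mapping, returned):
    """List (rfc2307_name, directory_name) pairs absent from the entry.

    LDAP attribute names are case-insensitive, so compare lowercased.
    """
    have = {name.lower() for name in returned}
    pairs = [(attr, mapping.get(attr, attr)) for attr in wanted]
    return [(a, d) for a, d in pairs if d.lower() not in have]


if __name__ == "__main__":
    amap = parse_attribute_map(CONF)
    for label, attrs in (("MUST", POSIX_MUST), ("MAY", POSIX_MAY)):
        for rfc, ad in missing_attributes(attrs, amap, RETURNED):
            print(f"{label} attribute {rfc} (requested as {ad}) not returned")
```

Run against the values in the message, it lists uidNumber, gidNumber and homeDirectory (requested as unixHomeDirectory) as schema-mandatory attributes that the AD entry did not supply.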