Re: [nssldap] 8 principal limitation in nssldap

["Douglas E. Engert" <deengert [at] anl.gov>]

On 3/26/2011 8:37 AM, rammie2 wrote:
> Hi,
>
> We are using nss_ldap for authenticating users registered in a LDAP server
> (Open LDAP, Active Directory). After adding 8 principals (/etc/ldap.conf),
> none of the users registered in the /etc/ldap.conf file are able to login.

principals? Principals are not added to the /etc/ldap.conf  Or do you mean RDN?

  The LDAP API references an LDAP object by its distinguished name (DN).
  A DN is a sequence of relative distinguished names (RDN) connected by commas.

  An RDN is an attribute with an associated value in the form attribute=value;
  normally expressed in a UTF-8 string format. The following table lists typical
  RDN attribute types.

> nss_base_passwd
> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
> nss_base_shadow
> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
> nss_base_group
> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname

Have you tried using something like:
base DC=someplace,DC=myarea,DC=compname,DC=parentcompname
nss_base_passwd OU=engg,DC=mycompany,DC=region,
nss_base_shadow OU=engg,DC=mycompany,DC=region,
nss_base_group OU=engg,DC=mycompany,DC=region,

Don't know it it will help or not.



> Can you please share the reason for this 7 limitation in the nss_ldap
> library. or how I can fix this issue. I am looking for the header file in
> the source files whhich has this constant or limitation defined.
>
>   Tried googling, but it appears that no one has encountered this issue. Some
> customers of our product are running into this issue and it has become a
> severity 1 issue to fix. Appreciate any help on this
>
> Thanks
> Ramakanth

--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444