
openldap-head and nss/pam



Hi folks :)

I'm a little bit frustrated about problems with pam/nss and openldap-head.

I've tried to migrate my test system, which was running very well on
openldap-1.2.9, to the new openldap-head one (CVS). Currently my Linux box uses
pam_ldap-51 and nss_ldap-108 to auth non-system accounts and hold roaming
profiles and such stuff :)... very nice feature.

What's the problem?

First of all, I inserted my 1.2.9 exported data into the new openldap-head database.
Here comes the relevant data for the problem:

 ---
tirnanog:~ # ldapsearch -D "cn=manager,dc=tuts,dc=nu" -b "dc=tuts,dc=nu" -W "(objectclass=posixGroup)" 
version: 1

#
# filter: (objectclass=posixGroup)
# returning: ALL
#

# users,Group,dc=tuts,dc=nu
dn: cn=users,ou=Group,dc=tuts,dc=nu
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: 0815:-)4711=
gidNumber: 100
memberUid: mwei

# mwei,Group,dc=tuts,dc=nu
dn: cn=mwei,ou=Group,dc=tuts,dc=nu
objectClass: posixGroup
objectClass: top
cn: mwei
gidNumber: 500
 ---

You can see that this is normal posixGroup data inside my directory. If I log
into my box with my personal account "mwei" I always get an error, because of
the following problem. The nss_ldap module tries to "reverse lookup" my group
with id "500" (see above - it's really in there!) but fails. I looked around and
used -DDEBUG on the nss_ldap module; it seems that openldap-head is the problem.
The filter inside the nss_ldap module looks good... and if I try to manually
use this filter....

 ---
tirnanog:~ # ldapsearch -D "cn=manager,dc=tuts,dc=nu" -b "dc=tuts,dc=nu" -W "(&(objectclass=posixGroup)(gidNumber=500))" 
Enter LDAP password:
version: 1

#
# filter: (&(objectclass=posixGroup)(gidNumber=500))
# returning: ALL
#

 --- /var/log/messages ---
Jun 25 21:42:17 tirnanog slapd[21778]: daemon: conn=20 fd=16 connection from IP=::1 1109 (IP=:: 389) accepted. 
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 BIND dn="CN=MANAGER,DC=TUTS,DC=NU" method=128 
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 RESULT tag=97 err=0 text= 
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SRCH base="dc=tuts,dc=nu" scope=2 filter="(&(objectClass=posixGroup)(badfilter))" 
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SEARCH RESULT tag=101 err=0 text= 
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=2 UNBIND 
Jun 25 21:42:17 tirnanog slapd[21781]: conn=-1 fd=16 closed 
 ---

... I also get this mysterious problem. What's wrong with this filter?! Any hints?!

I also tried "(&(objectClass=posixGroup)(cn=mwei))" and "(cn=mwei)" - it works and
returns the "cn=mwei,ou=Group..."-entry but "(gidnumber=500)" fails.


	-- Micha

-- 
http://avalon.tuts.nu/ -- The Avalon Project 

42rd Law of Computing: Anything that can go wro
pine: Segmentation violation: Core dumped ^J&6§4^+^)NO CARRIER
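
Added example, not part of the original post: a Python script that scans slapd syslog lines in the format quoted above and reports every search whose logged filter contains "(badfilter)", together with the bind DN of the connection and the search result code. The sample log is constructed from the lines in the post; the function name and record fields are assumptions made for this example.

```python
import re

# Constructed sample input, modelled on the slapd syslog lines quoted in the post.
SAMPLE_LOG = """\
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 BIND dn="CN=MANAGER,DC=TUTS,DC=NU" method=128
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 RESULT tag=97 err=0 text=
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SRCH base="dc=tuts,dc=nu" scope=2 filter="(&(objectClass=posixGroup)(badfilter))"
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SEARCH RESULT tag=101 err=0 text=
Jun 25 21:43:02 tirnanog slapd[21781]: conn=21 op=0 BIND dn="CN=MANAGER,DC=TUTS,DC=NU" method=128
Jun 25 21:43:02 tirnanog slapd[21782]: conn=21 op=1 SRCH base="dc=tuts,dc=nu" scope=2 filter="(&(objectClass=posixGroup)(cn=mwei))"
Jun 25 21:43:02 tirnanog slapd[21782]: conn=21 op=1 SEARCH RESULT tag=101 err=0 text=
"""

# Per-operation lines only; "daemon:" and "fd=... closed" lines do not match.
LINE = re.compile(r'slapd\[\d+\]: conn=(?P<conn>-?\d+) op=(?P<op>\d+) (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
SRCH = re.compile(r'^SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d+) filter="(?P<filter>[^"]*)"')
RESULT = re.compile(r'^SEARCH RESULT tag=\d+ err=(?P<err>\d+)')


def find_badfilter_searches(log_text):
    """Return one record per search whose logged filter contains (badfilter)."""
    bind_dn = {}   # conn -> DN of the most recent BIND on that connection
    pending = {}   # (conn, op) -> record still waiting for its SEARCH RESULT line
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m["conn"], m["op"], m["rest"].strip()
        if (b := BIND.match(rest)):
            bind_dn[conn] = b["dn"]
        elif (s := SRCH.match(rest)) and "(badfilter)" in s["filter"]:
            rec = {"conn": int(conn), "op": int(op), "bind_dn": bind_dn.get(conn),
                   "base": s["base"], "filter": s["filter"], "err": None}
            pending[(conn, op)] = rec
            findings.append(rec)
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            # Attach the result code so "success with no entries" is visible.
            pending.pop((conn, op))["err"] = int(r["err"])
    return findings


if __name__ == "__main__":
    for rec in find_badfilter_searches(SAMPLE_LOG):
        print(rec)
```

In the post's log the flagged search ends with err=0, so the client receives a successful but empty result rather than an error.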