openldap-head and nss/pam
Hi folks :)
I'm a little bit frustrated about problems with pam/nss and openldap-head.
I've tried to migrate my test system, running on openldap-1.2.9 very well,
to the new openldap-head one (CVS). Currently my Linux box uses pam_ldap-51 and
nss_ldap-108 to auth non-system accounts and hold roaming profiles and
such stuff :)... very nice feature.
What's the problem?
First of all, I inserted my 1.2.9 exported data into the new openldap-head database.
Here comes the relevant data for the problem:
---
tirnanog:~ # ldapsearch -D "cn=manager,dc=tuts,dc=nu" -b "dc=tuts,dc=nu" -W "(objectclass=posixGroup)"
version: 1
#
# filter: (objectclass=posixGroup)
# returning: ALL
#
# users,Group,dc=tuts,dc=nu
dn: cn=users,ou=Group,dc=tuts,dc=nu
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: 0815:-)4711=
gidNumber: 100
memberUid: mwei
# mwei,Group,dc=tuts,dc=nu
dn: cn=mwei,ou=Group,dc=tuts,dc=nu
objectClass: posixGroup
objectClass: top
cn: mwei
gidNumber: 500
---
You can see that this is normal posixGroup data inside my directory. If I log
into my box with my personal account "mwei" I always get an error, because of the
following problem. The nss_ldap module tried to "reverse lookup" my group with
id "500" (see above - it's really inside!) but fails. I looked around and
used -DDEBUG with the nss_ldap module; it seems that openldap-head is the problem.
The filter inside the nss_ldap module looks good... and if I try to manually
use this filter....
---
tirnanog:~ # ldapsearch -D "cn=manager,dc=tuts,dc=nu" -b "dc=tuts,dc=nu" -W "(&(objectclass=posixGroup)(gidNumber=500))"
Enter LDAP password:
version: 1
#
# filter: (&(objectclass=posixGroup)(gidNumber=500))
# returning: ALL
#
--- /var/log/messages ---
Jun 25 21:42:17 tirnanog slapd[21778]: daemon: conn=20 fd=16 connection from IP=::1 1109 (IP=:: 389) accepted.
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 BIND dn="CN=MANAGER,DC=TUTS,DC=NU" method=128
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 RESULT tag=97 err=0 text=
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SRCH base="dc=tuts,dc=nu" scope=2 filter="(&(objectClass=posixGroup)(badfilter))"
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SEARCH RESULT tag=101 err=0 text=
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=2 UNBIND
Jun 25 21:42:17 tirnanog slapd[21781]: conn=-1 fd=16 closed
---
... I also get this mysterious problem. What's wrong with this filter?! Any hints?!
I also tried "(&(objectClass=posixGroup)(cn=mwei))" and "(cn=mwei)" - it works and
returns the "cn=mwei,ou=Group..."-entry but "(gidnumber=500)" fails.
-- Micha
--
http://avalon.tuts.nu/ -- The Avalon Project
42rd Law of Computing: Anything that can go wro
pine: Segmentation violation: Core dumped ^J&6§4^+^)NO CARRIER
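
An added example, not part of the original post: a Python script that scans slapd syslog lines like the /var/log/messages excerpt above for SRCH operations whose logged filter contains `(badfilter)`, and reports the connection, operation, bind DN and result code. The sample lines are copied from the post; the function and field names are hypothetical.

```python
import re

# Lines copied from the /var/log/messages excerpt in the post above.
SAMPLE_LOG = """\
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 BIND dn="CN=MANAGER,DC=TUTS,DC=NU" method=128
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=0 RESULT tag=97 err=0 text=
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SRCH base="dc=tuts,dc=nu" scope=2 filter="(&(objectClass=posixGroup)(badfilter))"
Jun 25 21:42:17 tirnanog slapd[21782]: conn=20 op=1 SEARCH RESULT tag=101 err=0 text=
Jun 25 21:42:17 tirnanog slapd[21781]: conn=20 op=2 UNBIND
"""

OP_RE = re.compile(r'slapd\[\d+\]: conn=(-?\d+) op=(\d+) (.*)$')
BIND_RE = re.compile(r'^BIND dn="([^"]*)"')
SRCH_RE = re.compile(r'^SRCH base="([^"]*)" scope=(\d+) filter="(.*)"$')
RESULT_RE = re.compile(r'^(?:SEARCH )?RESULT tag=(\d+) err=(\d+)')

def find_bad_filters(log_text):
    """Return one record per SRCH whose logged filter contains (badfilter)."""
    bind_dn = {}   # conn -> DN from the most recent BIND on that connection
    pending = {}   # (conn, op) -> record still waiting for its SEARCH RESULT
    findings = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # not a per-operation slapd line
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if (b := BIND_RE.match(rest)):
            bind_dn[conn] = b.group(1)
        elif (s := SRCH_RE.match(rest)) and "(badfilter)" in s.group(3):
            rec = {"conn": conn, "op": op, "bind_dn": bind_dn.get(conn),
                   "base": s.group(1), "filter": s.group(3), "err": None}
            pending[(conn, op)] = rec
            findings.append(rec)
        elif (r := RESULT_RE.match(rest)) and (conn, op) in pending:
            pending.pop((conn, op))["err"] = int(r.group(2))
    return findings

if __name__ == "__main__":
    for finding in find_bad_filters(SAMPLE_LOG):
        print(finding)
```

On the sample lines the flagged search completes with err=0, so the client receives an empty result rather than an error.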