
Specific user accounts not available to system.
Hello,

For some reason, certain user accounts that exist in LDAP are not being
recognized by the system.  I have done all that I can to remedy this, so
now I turn to you.

We have about 5000 users in LDAP currently with about 100 user accounts
not being accessed correctly from one of our servers.

There is a total of 8 servers.  6 Redhat (7.0-7.2) and 2 Sun Solaris
2.8.  There is no problem with the accounts what-so-ever on any of the
machines except for one called betamax.  I mention this because I am
confident that it is not the LDAP Directory itself causing errors which
lies on 2 (primary,secondary) of our linux servers.

Betamax handles mail, web and samba.  It does not have user accounts
locally but retrieves that info via LDAP.  It is using the latest pam/nss
modules from PADL.

By creating a /etc/passwd file with the needed user information (on hand
luckily) we were able to restore functionality temporarily.  By adding the
passwd file it seemed that the hiccup of "seeing if accounts existed" was
fixed.  However, this is only temporary.  Whenever the local passwd file
is removed, it takes about 10 seconds for the command "id username" to
return "no such user".

To fix this I have tried multiple things with no positive effect(s):

* Remove and re-add the affected user(s).
* Upgrade to latest padl software.
* Upgrade to latest openldap version.
* truss/strace id and compare good w/ bad attempts.
* Inspect logs/debug from slapd, (note: bad attempts with id never even
get to slapd, which makes me think that nss is the culprit)
* Turn off/on and reconfigure nscd
* Export full LDIFs to see any differences between good/bad user accounts.
* Copy over a working ldap.conf
* Changing the ldap server that it is connecting to, (to pinpoint
connection problems or defunct db)

I seriously have no idea what to do.  If nothing else works I am going to
tear down and rebuild this machine this or next weekend.

By the way: ldapsearch queries return the user account information
perfectly.  For instance, on betamax:

$id rkramer
id: rkramer: no such user

$ldapsearch (uid=rkramer)
.
.
. Full results for that entry in LDAP
. (So he is there!!!!!!)
.

Thanks for any help you may have,

:-D

cl

Caylan Van Larson
Unix Administrator - Systems Team Member
University of North Dakota (Aerospace College)
caylan@cs.und.edu
701-777-6151 (work)
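The poster exported full LDIFs to compare good and bad accounts. As an added example (not from the post or from PADL), the script below parses such an export and checks each entry for what nss_ldap's default passwd map needs, since an entry that ldapsearch returns can still be invisible to id when it lacks objectClass posixAccount or one of the mapped attributes. The required attribute list and the posixAccount filter are assumed to be the stock nss_ldap defaults, and the LDIF sample is constructed.

```python
import re

# Assumption: nss_ldap's default passwd map, which selects entries by
# objectClass posixAccount and needs these attributes to build a record.
REQUIRED_ATTRS = ("uid", "uidnumber", "gidnumber", "homedirectory")

def parse_ldif(text):
    """Parse LDIF text into a list of {attr(lowercased): [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        unfolded = re.sub(r"\n ", "", block)  # join folded continuation lines
        entry = {}
        for line in unfolded.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def nss_problems(entry):
    """Reasons nss_ldap would skip an entry that ldapsearch still returns."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [] if "posixaccount" in classes else ["no objectClass posixAccount"]
    problems += [f"missing {a}" for a in REQUIRED_ATTRS if a not in entry]
    return problems

def check_ldif(text):
    """Map each dn to its problem list; an empty list means NSS should see it."""
    return {e["dn"][0]: nss_problems(e) for e in parse_ldif(text)}

# Constructed sample export (not the poster's directory data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=edu
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=edu
objectClass: inetOrgPerson
uid: bob
gidNumber: 100
homeDirectory: /home/bob
"""

if __name__ == "__main__":
    for dn, problems in check_ldif(SAMPLE_LDIF).items():
        print(dn, "OK" if not problems else "; ".join(problems))
```

Feed it the output of a real export (e.g. ldapsearch -LLL over the people branch) and diff the flagged DNs against the ~100 accounts that id cannot see; base64 (`::`) values are not decoded here.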