[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: getent passwd inconsistent loginShell with ldapsearch

To: <openldap-technical@openldap.org>
Subject: RE: getent passwd inconsistent loginShell with ldapsearch
From: "Rodney Simioni" <rodney.simioni@verio.net>
Date: Tue, 12 Mar 2013 09:55:57 -0400
Content-class: urn:content-classes:message
Importance: normal
In-reply-to: <513EEE9C.3050309@leicester.ac.uk>
References: <0971982CF6B9AB418FFD5FEF7F50CB9F05CB31AB@IAD-WPRD-XCHB03.corp.verio.net> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB31AF@IAD-WPRD-XCHB03.corp.verio.net> <513DA6EB.90803@leicester.ac.uk> <0971982CF6B9AB418FFD5FEF7F50CB9F05CB32DC@IAD-WPRD-XCHB03.corp.verio.net> <513EEE9C.3050309@leicester.ac.uk>
Thread-index: Ac4fAZ3qa9aIeITZTduIAczYzbO00gAJrRMQ
Thread-topic: getent passwd inconsistent loginShell with ldapsearch

I don't have a /etc/ldap.conf. I have a /etc/openldap/ldap.conf.

I'm sure my ldap users do not exist in /etc/passwd.

Nscd is disabled.

/etc/nsswitch.conf has:

passwd:      files sss ldap
shadow:     files sss ldap

my sssd.conf is:

[domain/default]

ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=wh,dc=local
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacertdir = /etc/openldap/cacerts

access_provider = ldap
ldap_access_filter = host=localhost
ldap_pwd_policy = shadow

[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = default, local

[nss]

[pam]

[ssh]

[sudo]

[autofs]

Thank you.
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton
Sent: Tuesday, March 12, 2013 5:00 AM
To: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch

On 11/03/2013 21:26, Rodney Simioni wrote:
 > I disabled nscd. Here's my ldap.conf
 >
 > #SIZELIMIT      12
 > #TIMELIMIT      15
 > #DEREF          never
 > TLS_CACERTDIR /etc/openldap/cacerts
 > #URI ldap://127.0.0.1/
 > URI ldap://127.0.0.1/
 > BASE dc=wh,dc=local
 > port 389

Wrong ldap.conf. What's in /etc/ldap.conf and are you absolutely sure that the user doesn't exist in /etc/passwd?

Also what's in /etc/nsswitch.conf for the passwd entry?

-- 
Liam Gretton                                    liam.gretton@le.ac.uk
Systems Specialist                            http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road Leicestershire LE1 7RH, United Kingdom

This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free.  Thank you.

Follow-Ups:
- Re: getent passwd inconsistent loginShell with ldapsearch
  - From: Dan White <dwhite@olp.net>

References:
- RE: getent passwd inconsistent loginShell with ldapsearch
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- RE: getent passwd inconsistent loginShell with ldapsearch
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- Re: getent passwd inconsistent loginShell with ldapsearch
  - From: Liam Gretton <liam.gretton@leicester.ac.uk>
- RE: getent passwd inconsistent loginShell with ldapsearch
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- Re: getent passwd inconsistent loginShell with ldapsearch
  - From: Liam Gretton <liam.gretton@leicester.ac.uk>

Prev by Date: Re: getent passwd inconsistent loginShell with ldapsearch
Next by Date: Re: getent passwd inconsistent loginShell with ldapsearch
Index(es):
- Chronological
- Thread