Re: getent passwd inconsistent loginShell with ldapsearch



-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton
Sent: Tuesday, March 12, 2013 5:00 AM
To: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch

On 11/03/2013 21:26, Rodney Simioni wrote:
> I disabled nscd. Here's my ldap.conf
>
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
> TLS_CACERTDIR /etc/openldap/cacerts
> #URI ldap://127.0.0.1/
> URI ldap://127.0.0.1/
> BASE dc=wh,dc=local
> port 389

Wrong ldap.conf. What's in /etc/ldap.conf and are you absolutely sure that the user doesn't exist in /etc/passwd?

Also what's in /etc/nsswitch.conf for the passwd entry?

On 03/12/13 09:55 -0400, Rodney Simioni wrote:
I don't have a /etc/ldap.conf. I have a /etc/openldap/ldap.conf.

I'm sure my ldap users do not exist in /etc/passwd.

Nscd is disabled.

/etc/nsswitch.conf has:

passwd:      files sss ldap
shadow:     files sss ldap

You have two ldap related nss modules, which might explain your
inconsistency. Try removing ldap.

my sssd.conf is:

[domain/default]

ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=wh,dc=local
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacertdir = /etc/openldap/cacerts

access_provider = ldap
ldap_access_filter = host=localhost
ldap_pwd_policy = shadow


[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = default, local

[nss]

[pam]

[ssh]

[sudo]

[autofs]

--
Dan White
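
Added example, not part of the original thread: a small check for the condition diagnosed above, where one nsswitch.conf database lists both sss and ldap. It assumes both source names resolve against the same LDAP directory on the host; the sample input is constructed from the two lines quoted in the thread plus illustrative group and hosts lines.

```python
"""Flag nsswitch.conf databases that list more than one LDAP-backed NSS source."""
import re

# Assumption: on this host both names are backed by the same LDAP directory
# (sss through sssd, ldap through an nss ldap module).
LDAP_BACKED = {"sss", "ldap"}

# Constructed sample: passwd/shadow as quoted in the thread; group and hosts
# lines are illustrative additions.
SAMPLE = """\
# /etc/nsswitch.conf
passwd:      files sss ldap
shadow:     files sss ldap
group:      files sss
hosts:      files dns [NOTFOUND=return] myhostname
"""


def parse_nsswitch(text):
    """Return {database: [sources in lookup order]}.

    Comments and [STATUS=action] items are dropped so only source names remain.
    """
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, _, rest = line.partition(":")
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # strip action items
        result[db.strip()] = rest.split()
    return result


def overlapping_sources(text, backed=LDAP_BACKED):
    """Return {database: [LDAP-backed sources]} where more than one is listed."""
    findings = {}
    for db, sources in parse_nsswitch(text).items():
        hits = [s for s in sources if s in backed]
        if len(hits) > 1:
            findings[db] = hits
    return findings


if __name__ == "__main__":
    for db, hits in overlapping_sources(SAMPLE).items():
        print(f"{db}: {', '.join(hits)} are both configured; keep one")
```

To check a live system, pass the contents of /etc/nsswitch.conf to overlapping_sources() instead of SAMPLE.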