
RE: (fixed) Re: nss not resolving group id's



This thread helped me correct a similar problem I was having getting
generic searches to work in my new ldap installation.  Turns out I
hadn't configured ldap.conf at all so searches would only work for me if
I specified the search base on the ldapsearch command line.  But now I'm
having an interesting related problem:

After adding the correct BASE and URL values in ldap.conf everything
works fine on my master.  But on my replica, setting these values in
ldap.conf doesn't help with generic searches.  Looking into my ldap log
file, I see that ldapsearch is still using the default value for BASE
(i.e., dc=example,dc=com) if I don't specify a base on the command line.
If I set the LDAPBASE environment variable to our real base (the one now
set in ldap.conf), these searches work fine.  So I'm wondering why my
replica doesn't see the changes I am making to
/usr/local/etc/openldap/ldap.conf.  I add the new BASE value, restart
slapd, but the old BASE value is still used in generic searches.  Any
clues where the old default BASE value may be coming from?

Also, I'm using openldap 2.0.23 for the master and 2.0.25 for the
replica.  Anyone know of any problems using slightly different versions
between the master and replica?

Thanks,

Mike

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Caylan Van
Larson
Sent: Thursday, July 25, 2002 11:36 AM
To: openldap-software@OpenLDAP.org
Subject: (fixed) Re: nss not resolving group id's


> Turbo Fredriksson wrote:
> > 
> > > For some reason ldap is not resolving a gidNumber to a gid.
> > >
> > > # www, Groups, Domain, edu
> > > dn: cn=www,ou=Groups,dc=Domain,dc=edu
> > > objectClass: posixGroup
> > > objectClass: top
> > > cn: www
> > > gidNumber: 103
> > > memberUid: user1
> > > memberUid: userX
> > 
> > Looks ok to me. Stupid question perhaps, but you DO have
> > 
> >         group:          files ldap
> > 
> > in /etc/nsswitch.conf? And the searchbase is correctly set in
> > /etc/libnss-ldap.conf? Do you have the libnss-ldap module installed?


Everything is great now.  I found a typo in ldap.conf

"Group" should have been "Groups"...

But something to note.  When I did an "id" on someone it would now show
all the groups they were in, but it still did not resolve to the correct
name!  I kept on poking around and finally stumbled upon nscd.  I
restarted it, and everything started resolving names.

Thanks guys,


Caylan
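
The two configuration mistakes in the quoted exchange (no `ldap` source on the `group:` line, and a search base that does not contain the group entries) can be checked offline. This is an added example, not part of the original messages; it assumes the group base is set with nss_ldap's `nss_base_group` directive, which the thread does not name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline consistency checks for the mistakes in this thread.
# Simplified parsing: no LDIF line folding, no spaces inside the base DN.

# Print the sources listed for one nsswitch.conf database (e.g. "group").
nss_sources() {  # $1=database  $2=nsswitch.conf path
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | sed 's/#.*//'
}

# Succeed if "ldap" is among the sources for the database.
nss_uses_ldap() {  # $1=database  $2=nsswitch.conf path
    for _src in $(nss_sources "$1" "$2"); do
        if [ "$_src" = ldap ]; then return 0; fi
    done
    return 1
}

# Print the group search base, dropping any "?scope" suffix.
# Assumption: the base is configured via the nss_base_group directive.
group_base() {  # $1=config path
    awk 'tolower($1)=="nss_base_group" { sub(/\?.*/, "", $2); print $2; exit }' "$1"
}

# Succeed if DN $1 lies under base $2 (case-insensitive suffix match).
dn_under_base() {
    _d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _b=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_d" in
        "$_b"|*",$_b") return 0 ;;
        *) return 1 ;;
    esac
}

# Print every DN in an LDIF file that falls outside the configured group base.
# With "ou=Group" configured and entries under "ou=Groups", each entry is listed.
groups_outside_base() {  # $1=config path  $2=LDIF path
    _base=$(group_base "$1")
    sed -n 's/^dn:[[:space:]]*//p' "$2" | while IFS= read -r _dn; do
        dn_under_base "$_dn" "$_base" || printf '%s\n' "$_dn"
    done
}
```

A clean result from these checks says nothing about stale nscd answers, which the post above cleared by restarting nscd.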