
Re: Configuring UNIX clients to retrieve user info from LDAP



On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
> Hi All,
>
> Sorry for reposting the mail. This is a long term problem for me. I am
> unable to retrieve user information from LDAP server, which is a proxy to
> AD. The normal LDAP search (see the command below) gets me the data, but
> the "getent passwd" only gets me local users from passwd file.
>
> ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au
>  '(uid=nazeerm)'
>
>
> Is there any problem with my configuration? Thank you very much.
>
>
> Here is my client configuration.

What OS / Distro ?

Did you make any changes to /etc/nsswitch.conf ?

>
> --------------------------------------
>
> uri ldap://ldapserver.research.phg.com.au/
> base dc=internal,dc=phg,dc=com,dc=au
> scope sub
> bind_timelimit 15
> timelimit 15
> ssl no
> referrals no
> nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup group
>
> nss_map_attribute gecos cn
> nss_map_attribute homeDirectory unixHomeDirectory
> nss_map_attribute uniqueMember member
> nss_initgroups_ignoreusers root,ldap
>
> pam_filter objectClass=posixAccount
> pam_login_attribute uid
> pam_lookup_policy no


Add:
debug 1

to this file, then, having ensured that nscd is not running, run 'getent 
passwd ldapuser', and you should see quite a bit of debugging output, e.g.:

# getent passwd bgmilne
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP tiger.ranger.dnsalias.com:389

[...]

ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt (x}{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
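The two checks the reply asks for, as an added example that is not part of the thread: a small POSIX sh script that parses nsswitch.conf and reports which of passwd, shadow and group are not routed to the ldap source (the most common reason "getent passwd" returns only local users while ldapsearch works), plus a helper that carries out the debugging procedure from the reply (make sure nscd is stopped, confirm "debug 1" is set, then run getent). The nsswitch.conf content is a constructed sample embedded in the script so it runs offline; the /etc/ldap.conf path is an assumption (nss_ldap's config file location differs between distributions), and the debug_lookup function needs a real LDAP-backed host, so it is defined but not run here.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Checks whether nsswitch.conf sends the NSS databases to the ldap source,
# then offers the debug procedure from the reply as a function.

# Constructed sample nsswitch.conf: 'ldap' is missing from passwd only.
SAMPLE_NSSWITCH=$(cat <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF
)

# nss_sources DB FILE: print the source list configured for DB, e.g. "files ldap".
nss_sources() {
    db=$1; file=$2
    sed -n "s/^[[:space:]]*${db}:[[:space:]]*//p" "$file" \
        | sed 's/#.*//; s/[[:space:]]*$//' | head -n 1
}

# nss_has_source DB SOURCE FILE: exit 0 if SOURCE is listed for DB, 1 otherwise.
nss_has_source() {
    db=$1; src=$2; file=$3
    for s in $(nss_sources "$db" "$file"); do
        [ "$s" = "$src" ] && return 0
    done
    return 1
}

# check_nss_ldap FILE: report each database nss_ldap should serve that is not
# sent to 'ldap'. Exit status is the number of databases missing it (0 = all good).
check_nss_ldap() {
    file=$1; missing=0
    for db in passwd shadow group; do
        if nss_has_source "$db" ldap "$file"; then
            echo "ok:      $db -> $(nss_sources "$db" "$file")"
        else
            echo "MISSING: $db -> $(nss_sources "$db" "$file")  (add 'ldap')"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# debug_lookup USER: the procedure from the reply. Assumes nss_ldap reads
# /etc/ldap.conf (assumption; path varies by distro). Requires a real host
# with nss_ldap configured, so it is not called below.
debug_lookup() {
    user=$1
    if pgrep -x nscd >/dev/null 2>&1; then
        echo "nscd is running: stop it first, its cache hides nss_ldap's debug output" >&2
        return 1
    fi
    grep -q '^[[:space:]]*debug' /etc/ldap.conf 2>/dev/null \
        || echo "hint: add 'debug 1' to /etc/ldap.conf to see the LDAP calls" >&2
    getent passwd "$user"
}

# Demo against the constructed sample (no system files touched).
sample=$(mktemp)
printf '%s\n' "$SAMPLE_NSSWITCH" > "$sample"
missing=0
check_nss_ldap "$sample" || missing=$?
echo "databases not routed to ldap: $missing"
rm -f "$sample"
```

Run it as-is to see the report for the sample; to check the real file, call `check_nss_ldap /etc/nsswitch.conf`. A database listed as MISSING means nss_ldap is never consulted for it, so getent cannot return LDAP users regardless of what /etc/ldap.conf contains.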