
Re: Cannot ID LDAP User On LDAP Client



On Wednesday, 1 December 2010 22:37:56 Anton Chu wrote:
> I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server.
> I've install the following:
> 
> sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
> nscd ldap-utils pam_ccreds
> 
> Here's my /etc/nsswitch.conf:
> 
> passwd: files ldap [NOTFOUND=return] db
> 
> group: files ldap [NOTFOUND=return] db
> 
> shadow: files ldap
> 
> hosts: files dns
> networks: files
> 
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> 
> I can nss_updatedb ldap successfully:
> # nss_updatedb ldap
> passwd... done.
> group... done.
> 
> I can getent passwd, getent passwd shadow, getent group just fine and
> they all show all my ldap users.

Please compare these two:

$ getent passwd |grep tony
$ getent passwd tony

If the first succeeds (returns a line looking like /etc/passwd), and the 
second fails (returns nothing), then you probably have a negative cache from 
nscd. Stop nscd, and test again. 

> However, I cannot do an id ldapuser
> 
> ex:
> $ id tony
> id: tony: No such user

[...]

> ID works just fine with my local users on my local machine so somehow
> it's not able to read the ldap users.
> 
> Any insights appreciated.

In some environments, I do use nss_ldap+nss_db/nss_updatedb+nscd, but one of 
the newer options (e.g. sssd) may be a better option.

Regards,
Buchan
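
The enumeration-versus-lookup comparison from the reply above, as an added example that is not part of the original thread. It is a POSIX sh script that runs `getent passwd` and `getent passwd USER`, classifies the outcome (user visible in both, in enumeration only, in keyed lookup only, or in neither), and for the enumeration-only case points at nscd's own invalidation and statistics options. The user name `tony`, the function names, and the constructed passwd lines in the offline demo are assumptions, not data from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): automates the check
#   getent passwd | grep USER     versus     getent passwd USER
# Function names, the user "tony" and SAMPLE_ENUM are assumptions.

# has_entry USER TEXT -- true if TEXT contains a passwd line whose first
# colon-separated field is exactly USER. Stricter than grep, which would also
# match "anthony" or a GECOS field that happens to contain the name.
has_entry() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { found = 1 } END { if (found) exit 0; exit 1 }'
}

# diagnose_getent USER ENUM_OUT LOOKUP_OUT
#   ENUM_OUT   = output of `getent passwd`       (enumeration, getpwent)
#   LOOKUP_OUT = output of `getent passwd USER`  (keyed lookup, getpwnam)
# Prints exactly one word so callers can branch on it:
#   both-ok         user visible both ways; id(1) should work
#   negative-cache  enumeration lists the user but the keyed lookup does not:
#                   the nscd negative-cache symptom described in the reply
#   lookup-only     keyed lookup works but enumeration does not list the user
#   both-missing    user unknown to NSS on both paths (config or LDAP problem)
diagnose_getent() {
    in_enum=0; in_lookup=0
    has_entry "$1" "$2" && in_enum=1
    has_entry "$1" "$3" && in_lookup=1
    if [ "$in_enum" -eq 1 ] && [ "$in_lookup" -eq 1 ]; then echo both-ok
    elif [ "$in_enum" -eq 1 ]; then echo negative-cache
    elif [ "$in_lookup" -eq 1 ]; then echo lookup-only
    else echo both-missing
    fi
}

# check_user USER -- run the live comparison on this host and print advice.
check_user() {
    verdict=$(diagnose_getent "$1" "$(getent passwd 2>/dev/null)" "$(getent passwd "$1" 2>/dev/null)")
    echo "$1: $verdict"
    case $verdict in
    negative-cache)
        echo "  nscd is probably serving a cached 'no such user' answer."
        echo "  Inspect:  nscd -g          (cache statistics)"
        echo "  Clear:    nscd -i passwd   (invalidate the passwd table)"
        echo "  or set 'negative-time-to-live passwd 0' in /etc/nscd.conf"
        echo "  while debugging, then re-run: id $1" ;;
    both-missing)
        echo "  Neither path finds the user: check the passwd line in"
        echo "  /etc/nsswitch.conf and the LDAP client configuration." ;;
    esac
}

# Offline demonstration with constructed passwd lines (not real accounts):
# enumeration lists tony, the keyed lookup returns nothing.
SAMPLE_ENUM='root:x:0:0:root:/root:/bin/bash
anthony:x:1000:1000:Anthony:/home/anthony:/bin/bash
tony:x:10001:10001:Tony:/home/tony:/bin/bash'
demo() {
    diagnose_getent tony "$SAMPLE_ENUM" ""   # prints: negative-cache
}

# Usage: sh getent-check.sh tony     (no argument runs the offline demo)
if [ $# -eq 1 ]; then check_user "$1"; else demo; fi
```

Run it as root if nscd is restricted, since the advice it prints (`nscd -i passwd`, `nscd -g`) needs to talk to the running daemon. Matching on the first colon field rather than piping through grep is deliberate: `grep tony` over an enumeration would also match `anthony`, and a false "enumeration works" reading sends you chasing nscd when the real problem is elsewhere.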