Re: getent passwd doesn't show ldap user

I installed OpenLDAP and configured nslcd.conf and nsswitch.conf.
At the moment getent passwd doesn't show the LDAP user.
I created a user nslcd_proc for nslcd lookups.
This user belongs to the System organizationalUnit.

You can see some checks below.

nslcd -d
nslcd: DEBUG: add_uri(ldap://localhost:389)
nslcd: version 0.7.15 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(107) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections

SECOND SHELL: getent passwd --> shows only local users

nslcd: [8b4567] DEBUG: connection from pid=2055 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi", filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://localhost:389)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***") (uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object

These are the permissions of the nslcd files and folder:

ls -ld /etc/nslcd.conf /var/run/nslcd/ /var/run/nslcd/*
-rw-r----- 1 root  nslcd  635 Apr 21 11:54 /etc/nslcd.conf
drwxr-xr-x 2 nslcd nslcd 4096 Apr 21 11:55 /var/run/nslcd/
-rw-r--r-- 1 root  root     5 Apr 21 11:55 /var/run/nslcd/nslcd.pid
srw-rw-rw- 1 root  root     0 Apr 21 11:55 /var/run/nslcd/socket

Opening /var/run/nslcd/socket shows:
Error reading /var/run/nslcd/socket: No such device or address

nslcd.conf and slapd.conf follow.

# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost:389

# The search base that will be used for all queries.
base dc=amahoro,dc=bi

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
binddn uid=nslcd_proc,ou=System,dc=amahoro,dc=bi
bindpw *****

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        trace
modulepath      /usr/lib/ldap
moduleload      back_hdb

#Database Configuration
backend         hdb
database        hdb
suffix          "dc=amahoro,dc=bi"
rootdn          "cn=Manager,dc=amahoro,dc=bi"
rootpw          {SSHA}zH2A+jeSlbl2/UcAXm596KPV4IB/R6x9
directory       /var/lib/ldap
index           objectClass,cn  eq

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to *
        by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read
        by self write
        by * none

Please, do you have any ideas?
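As an added triage helper (not part of this thread, and not nslcd's or OpenLDAP's own code), the script below parses the nslcd -d output and the two configs quoted above: it compares the DN nslcd actually bound with against binddn in nslcd.conf and against the slapd suffix, and reports a "No such object" (LDAP noSuchObject, result code 32) answer to the bind as the bind-DN entry not existing in the directory. The sample log and config text are constructed from the post.

```python
import re

# Constructed sample input, trimmed from the debug output and configs in the post.
NSLCD_DEBUG = """\
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi", filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***") (uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object
"""
NSLCD_CONF = """\
uid nslcd
base dc=amahoro,dc=bi
binddn uid=nslcd_proc,ou=System,dc=amahoro,dc=bi
bindpw *****
"""
SLAPD_CONF = """\
database        hdb
suffix          "dc=amahoro,dc=bi"
rootdn          "cn=Manager,dc=amahoro,dc=bi"
"""

def parse_conf(text):
    """Parse 'key value' lines of nslcd.conf / slapd.conf; skip comments, drop quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip().strip('"')
    return conf

def norm_dn(dn):
    """Split a DN into lower-cased RDNs so comparisons ignore case and spacing."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def diagnose(debug_text, nslcd_conf_text, slapd_conf_text):
    """Return (code, message) findings explaining a failing nslcd bind."""
    nslcd, slapd, findings = parse_conf(nslcd_conf_text), parse_conf(slapd_conf_text), []
    m = re.search(r'ldap_simple_bind_s\("([^"]+)"', debug_text)
    bound_dn = m.group(1) if m else None
    if bound_dn is None:
        return [("NO_BIND", "no ldap_simple_bind_s() call found in the nslcd debug output")]
    if norm_dn(bound_dn) != norm_dn(nslcd.get("binddn", "")):
        findings.append(("BINDDN_MISMATCH", "log binds as %s, nslcd.conf binddn is %s"
                         % (bound_dn, nslcd.get("binddn"))))
    if "suffix" in slapd and norm_dn(bound_dn)[-len(norm_dn(slapd["suffix"])):] != norm_dn(slapd["suffix"]):
        findings.append(("OUTSIDE_SUFFIX", "bind DN is not under slapd suffix %s" % slapd["suffix"]))
    if re.search(r"ldap_result\(\) failed: No such object", debug_text):
        findings.append(("BIND_DN_MISSING", "server answered noSuchObject (result 32) to the bind: "
                         "no entry %s exists; check ou=System and the user entry" % bound_dn))
    return findings
```

Running diagnose() on the constructed sample yields only BIND_DN_MISSING, which points at verifying that the uid=nslcd_proc entry (and its ou=System parent) was actually added to the directory rather than at the ACLs or file permissions.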