
RE: Configuring UNIX clients to retrieve user info from LDAP



Thanks for the reply. Here are the missing details.

>What OS / Distro ?

I am using CentOS 5.1. The nsswitch.conf is properly configured. If I change the uri or host in /etc/ldap.conf to a standard ldap, it works fine. Only if I refer to an ldap server which is a proxy to an AD server does it fail.


>Add:
>debug 1

I did this and here is a sample output. It's connecting to the server (hera2), but not getting any information. Strange!


ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP hera2.research.phg.com.au:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.100.237:389
ldap_connect_timeout: fd: 3 tm: 15 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 14 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 1
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 1 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 1 all 0
** ld 0x4f3b510 Connections:
* host: hera2.research.phg.com.au  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Oct 22 09:46:44 2008

** ld 0x4f3b510 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue:
   Empty
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select
read1msg: ld 0x4f3b510 msgid 1 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x4f3b510 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x4f3b510 0 new referrals
read1msg:  mark request completed, ld 0x4f3b510 msgid 1
request done: ld 0x4f3b510 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search
put_filter: "(&(objectClass=user)(uid=nazeerm))"
put_filter: AND
put_filter_list "(objectClass=user)(uid=nazeerm)"
put_filter: "(objectClass=user)"
put_filter: simple
put_simple_filter: "objectClass=user"
put_filter: "(uid=nazeerm)"
put_filter: simple
put_simple_filter: "uid=nazeerm"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 204 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 2
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 2 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 2 all 1
** ld 0x4f3b510 Connections:
* host: hera2.research.phg.com.au  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Oct 22 09:46:44 2008

** ld 0x4f3b510 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue:
   Empty
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select

-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Tuesday, 21 October 2008 5:22 PM
To: openldap-technical@openldap.org
Cc: Nazeeruddin Mohammad
Subject: Re: Configuring UNIX clients to retrieve user info from LDAP

On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
> Hi All,
>
> Sorry for reposting the mail. This is a long term problem for me. I am
> unable to retrieve user information from LDAP server, which is a proxy to
> AD. The normal LDAP search (see the command below) gets me the data, but
> the "getent passwd" only gets me local users from passwd file.
>
> ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au
>  '(uid=nazeerm)'
>
>
> Is there any problem with my configuration? Thank you very much.
>
>
> Here is my client configuration.
>
> --------------------------------------
>
> uri ldap://ldapserver.research.phg.com.au/
> base dc=internal,dc=phg,dc=com,dc=au
> scope sub
> bind_timelimit 15
> timelimit 15
> ssl no
> referrals no
> nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup group
>
> nss_map_attribute gecos cn
> nss_map_attribute homeDirectory unixHomeDirectory
> nss_map_attribute uniqueMember member
> nss_initgroups_ignoreusers root,ldap
>
> pam_filter objectClass=posixAccount
> pam_login_attribute uid
> pam_lookup_policy no



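One way to see what nss_ldap actually asks the proxy for, as an added example that is not code from the thread or from nss_ldap itself: it rebuilds the search from the quoted ldap.conf, assuming nss_base_<db> has the form base?scope?filter and that nss_ldap ANDs that filter onto (&(objectClass=OC)(KEY=VALUE)) after applying the nss_map_* renames. For passwd this yields the same filter as the put_filter line in the debug output, and the attribute list shows what an AD entry must carry after mapping for getent to print a line at all, which a plain ldapsearch on (uid=nazeerm) does not check.

```python
# Added example (not from the thread or nss_ldap): derive the search nss_ldap sends
# for a lookup from an ldap.conf fragment. Assumption: nss_base_<db> is
# base?scope?filter, ANDed onto (&(objectClass=OC)(KEY=VALUE)) after nss_map_* renames.
# Constructed from the ldap.conf quoted in the thread (abridged).
LDAP_CONF = """
base dc=internal,dc=phg,dc=com,dc=au
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
"""
# Objectclass and attributes nss_ldap uses per database before any mapping.
DEFAULTS = {
    "passwd": ("posixAccount", ["uid", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell"]),
    "group": ("posixGroup", ["cn", "gidNumber", "memberUid", "uniqueMember"]),
}

def parse_ldap_conf(text):
    """Return (settings, objectclass_map, attribute_map) from ldap.conf lines."""
    settings, oc_map, at_map = {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key in ("nss_map_objectclass", "nss_map_attribute"):
            src, dst = value.split()
            (oc_map if key == "nss_map_objectclass" else at_map)[src] = dst
        else:
            settings[key] = value.strip()
    return settings, oc_map, at_map

def nss_search(conf, db, key, value):
    """Return (base, scope, filter, attrs) for e.g. db="passwd", key="uid"."""
    settings, oc_map, at_map = conf
    spec = settings.get(f"nss_base_{db}", settings["base"])
    base, scope, extra = (spec.split("?", 2) + ["", ""])[:3]
    if extra and not extra.startswith("("):
        extra = f"({extra})"  # the thread's nss_base_group filter omits the outer parens
    oc = oc_map.get(DEFAULTS[db][0], DEFAULTS[db][0])
    filt = f"(&(objectClass={oc})({at_map.get(key, key)}={value}){extra})"
    attrs = [at_map.get(a, a) for a in DEFAULTS[db][1]]
    return base, scope or "sub", filt, attrs

def missing_attrs(entry, attrs):
    # Mapped attribute names the returned entry lacks; any hit means no getent line.
    return [a for a in attrs if a not in entry]
```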