
Re: getent passwd only catch local user passwd



On Tue, Apr 28, 2015 at 07:49:07PM +0000, Yingbo Li wrote:

> I am new to LDAP.  The company's IT owns the LDAP server; I tried to configure
> the openldap client but failed. My OS is CentOS 7, openldap is 2.4.39.
> 
> I configured ldap and ldaps. I can use ldapsearch to find out the full ldap info of
> my LDAP account. I configured with authconfig-tui. I also modified /etc/pam.d/
> system-auth and password-auth, changing pam_sss.so to pam_ldap.so. But when I
> tried getent passwd, I can only find local users. I cannot su to my LDAP
> account. Why?

You have probably messed up the config by making those changes. CentOS 7 expects to
use SSSD to access LDAP: it provides useful services and isolates system processes
from the LDAP service so you should not try to bypass it.

Lots of useful information here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html#SSSD-Introduction

Rather than editing config files directly, try to get a basic system running by
using the authconfig command. This should make sure that you have a consistent
setup. Better still, select LDAP authentication when you install the system and let
the install wizard help you through the process.

If your LDAP service places size limits or restrictive access-control on the data
you may need to create an account for SSSD to bind with so that it can bypass the
limits.

This is not really an OpenLDAP problem, so you are likely to get more detailed help
on a Red Hat or CentOS mailing list or forum.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
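Added example, not part of Andrew's reply or the thread: a small POSIX shell script that checks the two places the symptom in the question comes from (an nsswitch.conf with no "sss" on the passwd/group/shadow lines, and a PAM stack where pam_ldap.so has been swapped in by hand for pam_sss.so), and renders the sssd.conf domain section that a consistent SSSD/LDAP setup needs, including the optional bind account Andrew mentions for getting past anonymous size limits and ACLs. The server URI ldaps://ldap.example.com, the base DN dc=example,dc=com, the bind DN and the CA path are assumptions; the sample nsswitch and PAM files are constructed inline so the script runs offline.

```sh
#!/bin/sh
# Added example, not from the original thread. Checks that the LDAP client
# pieces authconfig is supposed to leave behind on CentOS 7 are consistent
# (nsswitch and PAM both routed through SSSD) and renders the sssd.conf
# domain section, including an optional bind account for SSSD.
# ldaps://ldap.example.com, dc=example,dc=com, the bind DN and the CA path
# are assumptions for illustration.
set -eu

# 0 if the nsswitch.conf at "$1" sends passwd, group and shadow through sss.
# Without "sss" here getent only consults the local files, which is exactly
# the symptom in the original question.
nss_uses_sss() {
  for db in passwd group shadow; do
    grep -Eq "^[[:space:]]*$db:.*[[:space:]]sss([[:space:]]|$)" "$1" || return 1
  done
}

# 0 if the PAM stack at "$1" (system-auth / password-auth) uses pam_sss.so and
# has no uncommented pam_ldap.so line swapped in by hand.
pam_uses_sss() {
  grep -Eq '^[^#]*pam_sss\.so' "$1" && ! grep -Eq '^[^#]*pam_ldap\.so' "$1"
}

# Print an sssd.conf for one LDAP domain. Arguments: URI, search base and an
# optional bind DN. Without the bind DN SSSD binds anonymously, which is where
# server-side size limits and ACLs on anonymous reads bite.
render_sssd_conf() {
  uri=$1; base=$2; bind_dn=${3:-}
  cat <<EOF
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = $uri
ldap_search_base = $base
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
cache_credentials = true
EOF
  if [ -n "$bind_dn" ]; then
    # Keep /etc/sssd/sssd.conf mode 0600 root:root; sss_obfuscate can replace
    # the cleartext token with ldap_default_authtok_type = obfuscated_password.
    printf 'ldap_default_bind_dn = %s\n' "$bind_dn"
    printf 'ldap_default_authtok_type = password\n'
    printf 'ldap_default_authtok = CHANGEME\n'
  fi
}

# Run both checks against constructed sample files: the poster's edited state
# (pam_ldap.so swapped in, no sss in nsswitch) and the state authconfig leaves.
demo() {
  tmp=$(mktemp -d)
  printf 'passwd: files\ngroup:  files\nshadow: files\n' >"$tmp/nsswitch.broken"
  printf 'auth sufficient pam_ldap.so use_first_pass\n' >"$tmp/system-auth.broken"
  printf 'passwd: files sss\ngroup:  files sss\nshadow: files sss\n' >"$tmp/nsswitch.ok"
  printf 'auth sufficient pam_sss.so use_first_pass\n' >"$tmp/system-auth.ok"
  for state in broken ok; do
    nss=fail; pam=fail
    nss_uses_sss "$tmp/nsswitch.$state" && nss=ok
    pam_uses_sss "$tmp/system-auth.$state" && pam=ok
    echo "$state: nsswitch=$nss pam=$pam"
  done
  rm -rf "$tmp"
}

# On a real box the same two checks apply to /etc/nsswitch.conf and
# /etc/pam.d/system-auth, and 'getent passwd <ldap user>' is the end test.
demo
```

On a CentOS 7 host the equivalent of the rendered file is what `authconfig --enableldap --enableldapauth --ldapserver=ldaps://ldap.example.com --ldapbasedn='dc=example,dc=com' --update` writes (server and base DN again assumptions); `authconfig --test` shows the resulting settings without applying them, which is a cheaper way to confirm a consistent setup than editing the PAM files by hand. The bind DN and password only belong in sssd.conf if the directory really does restrict or size-limit anonymous reads, and then the file must stay readable by root only.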