Re: nss-ldap not working for non-root users
On Sat, 14 Apr 2001, Ian Macdonald wrote:
> perl -e '($name,$passwd,$uid,$gid) = getpwnam($ARGV[0]); print $uid' kgerber
>
> However, when run as root, it prints 783, which is kgerber's
> uid. kgerber is not in /etc/passwd, so I know that the look-up is
> occurring correctly over LDAP. Both tcpdump and full trace debugging
> on the LDAP server (which is OpenLDAP 2.0.7, running on the same box)
> attest to this also.
>
> Running tcpdump and checking the LDAP server's log, it's clear that
> the LDAP look-up does not take place when the command is run as a
> non-root user. getpwnam() will return the UID of anyone in
> /etc/passwd, but will not go to LDAP for the UID of anyone who isn't.
Check the permissions on /lib/libnss_ldap.so. Should be 755.

Make sure the more specific ACLs come first...

access to dn=".*,ou=people,dc=plainjoe,dc=org" attr=userPassword
    by self write
    by * auth

access to dn=".*,ou=people,dc=plainjoe,dc=org"
    by * read
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
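
Added example, not part of the original message and not OpenLDAP code: a small Python model of slapd's first-match ACL evaluation, showing why the userPassword rule has to precede the general ou=people rule. The function names, the sample DN and the reduction of <who> to "self" and "*" are assumptions made for illustration.

```python
import re

# Access levels in increasing order of privilege, as used in slapd.conf.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def access_level(acls, requester, target_dn, attr):
    """Return the level granted by the first ACL whose <what> matches.

    Simplified model (assumption): each ACL is (dn_regex, attr_or_None, by_list),
    the regex is matched against the whole DN, <who> is only "self" or "*",
    and evaluation stops at the first matching clause.
    """
    for dn_regex, acl_attr, by_list in acls:
        if not re.fullmatch(dn_regex, target_dn, re.IGNORECASE):
            continue
        if acl_attr is not None and acl_attr.lower() != attr.lower():
            continue
        for who, level in by_list:
            if who == "*" or (who == "self" and requester == target_dn):
                return level
        return "none"  # implicit "by * none" closing every <who> list
    return "none"      # implicit "access to * by * none" closing the ACL list

def can_read(acls, requester, target_dn, attr):
    """True if the granted level is at least "read"."""
    granted = access_level(acls, requester, target_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index("read")

PEOPLE = r".*,ou=people,dc=plainjoe,dc=org"
PASSWORD_ACL = (PEOPLE, "userPassword", [("self", "write"), ("*", "auth")])
GENERAL_ACL = (PEOPLE, None, [("*", "read")])

SPECIFIC_FIRST = [PASSWORD_ACL, GENERAL_ACL]  # order given in the message
GENERAL_FIRST = [GENERAL_ACL, PASSWORD_ACL]   # reversed order, for comparison

if __name__ == "__main__":
    user = "uid=kgerber,ou=people,dc=plainjoe,dc=org"  # constructed sample DN
    for label, acls in (("specific first", SPECIFIC_FIRST),
                        ("general first", GENERAL_FIRST)):
        for attr in ("uidNumber", "userPassword"):
            print(f"{label:15} {attr:13} anonymous ->",
                  access_level(acls, "anonymous", user, attr))
```

With the general rule first, the userPassword rule is never reached and an anonymous client gets read access to the password attribute; in the order given in the message, anonymous clients can still read uidNumber for NSS look-ups but only get auth on userPassword.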