Re: Configuring UNIX clients to retrieve user info from LDAP
On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
> Hi All,
>
> Sorry for reposting the mail. This is a long term problem for me. I am
> unable to retrieve user information from LDAP server, which is a proxy to
> AD. The normal LDAP search (see the command below) gets me the data, but
> the "getent passwd" only gets me local users from passwd file.
>
> ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
>
>
> Is there any problem with my configuration? Thank you very much.
>
>
> Here is my client configuration.

What OS / Distro?
Did you make any changes to /etc/nsswitch.conf?

>
> --------------------------------------
>
> uri ldap://ldapserver.research.phg.com.au/
> base dc=internal,dc=phg,dc=com,dc=au
> scope sub
> bind_timelimit 15
> timelimit 15
> ssl no
> referrals no
> nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup group
>
> nss_map_attribute gecos cn
> nss_map_attribute homeDirectory unixHomeDirectory
> nss_map_attribute uniqueMember member
> nss_initgroups_ignoreusers root,ldap
>
> pam_filter objectClass=posixAccount
> pam_login_attribute uid
> pam_lookup_policy no

Add:

    debug 1

to this file, then, having ensured that nscd is not running, run 'getent
passwd ldapuser', and you should see quite a bit of debugging output, e.g.:

# getent passwd bgmilne
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP tiger.ranger.dnsalias.com:389
[...]
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt (x}{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
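
The /etc/nsswitch.conf question raised in the reply can be checked mechanically. The following is an added example, not part of the original thread: the function name nss_missing_ldap is hypothetical, the sample file is constructed, and it assumes the three databases of interest are passwd, shadow and group (the ones the posted nss_base_* lines cover).

```shell
#!/bin/sh
# Added example (not from the thread): list which of the passwd, shadow and
# group databases in an nsswitch.conf-style file do NOT name the "ldap" source.
# A database missing "ldap" is never looked up through nss_ldap, so getent
# returns only what the remaining sources (e.g. files) provide.

# nss_missing_ldap FILE
# Prints the databases lacking "ldap", space-separated, in the order
# passwd shadow group. Prints an empty line when all three have it.
nss_missing_ldap() {
    awk '
        BEGIN { n = split("passwd shadow group", want, " ") }
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*[a-z_]+[ \t]*:/ {
            split($0, kv, ":")                  # kv[1] = database, kv[2] = sources
            db = kv[1]
            gsub(/[ \t]/, "", db)
            # Sources are whitespace-separated; action items such as
            # [NOTFOUND=return] are separate tokens and never equal "ldap".
            m = split(kv[2], src, " ")
            for (i = 1; i <= m; i++)
                if (src[i] == "ldap") has[db] = 1
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in has))
                    out = out (out ? " " : "") want[i]
            print out
        }
    ' "$1"
}

# Constructed sample: group was pointed at LDAP, passwd and shadow were not.
sample=$(mktemp)
printf '%s\n' 'passwd: files' 'shadow: files' 'group:  files ldap' > "$sample"
echo "databases without ldap: $(nss_missing_ldap "$sample")"
rm -f "$sample"
```

On a client, run it as nss_missing_ldap /etc/nsswitch.conf before turning on the debug output described above.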