[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Unix id command and Openldap

To: <andrew.findlay@skills-1st.co.uk>
Subject: RE: Unix id command and Openldap
From: <okossuth@antel.com.uy>
Date: Wed, 17 Dec 2008 17:07:48 -0200
Cc: openldap-technical@openldap.org, claus.kick@siemens.com
Content-class: urn:content-classes:message
Importance: normal
In-reply-to: <20081217184930.GF23817@tile.skills-1st.co.uk>
Thread-index: AclgeEcsEB8fsRACSxCRb1aARHlyrQAAGBxA
Thread-topic: Unix id command and Openldap

Hi

I get this when searching the jbosstest user defined on the ldap server

conn=896 fd=41 ACCEPT from IP=127.0.0.1:47131 (IP=0.0.0.0:389)
conn=896 op=0 BIND dn="" method=128
conn=896 op=0 RESULT tag=97 err=0 text=
# extended LDIF
#
# LDAPv3
# base <ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter:  (memberUID=jbosstest)
# requesting: ALL
#

conn=896 op=1 SRCH base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" scope=2 deref=0 filter="(memberUid=jbosstest)"
conn=896 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
# search result
search: 2
result: 0 Success

# numResponses: 1
vmlx-ldapauth-test:/etc/openldap # conn=896 op=2 UNBIND
conn=896 fd=41 closed ()

And I get this when I search the group mysql defined on the ldap server too:

vmlx-ldapauth-test:/home/okossuth # ldapsearch -x  -D 'cn=admin,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' -W  -b 'ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' cn=mysql
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: cn=mysql
# requesting: ALL
#

# mysql, Grupos, Teleinformatica, vmlx-ldapauth-test.in.iantel.com.uy
dn: cn=mysql,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: mysql
objectClass: posixGroup
objectClass: namedObject
objectClass: top
description: gdodera
gidNumber: 4620
memberUid: gdodera
memberUid: jbosstest

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

thanks for your help!


Saludos,

Oskar Kossuth 
Administrador UNIX
ANTEL Telecomunicaciones


-----Mensaje original-----
De: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk] 
Enviado el: Wednesday, December 17, 2008 3:50 PM
Para: Kossuth Espinosa, Oskar
CC: claus.kick@siemens.com; openldap-technical@openldap.org
Asunto: Re: Unix id command and Openldap

On Wed, Dec 17, 2008 at 03:40:54PM -0200, okossuth@antel.com.uy wrote:

> im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.

OK - from a quick scan of those I would expect a group lookup to be
roughly equivalent to this search:

ldapsearch -x -b \
"ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" \
'(memberUID=XXX)'

where XXX is the username of a user that appears in some group.

What do you get if you try that search? Could you post a typical entry
from the
ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy
area?

It would still be useful to post the log output when running slapd
with loglevel 768 (stats + stats2)

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

El   presente  correo   y   cualquier    posible   archivo   adjunto  está
dirigido  únicamente  al destinatario  del  mensaje y contiene información
que  puede ser  confidencial.  Si  Ud. no es el destinatario  correcto por 
favor notifique al remitente respondiendo  anexando este mensaje y elimine 
inmediatamente   el e-mail y los posibles archivos adjuntos al mismo de su 
sistema. Está  prohibida  cualquier utilización,  difusión o copia de este 
e-mail por   cualquier  persona  o  entidad  que  no  sean las específicas 
destinatarias del  mensaje.  ANTEL  no acepta  ninguna responsabilidad con 
respecto  a cualquier  comunicación  que  haya sido  emitida  incumpliendo
nuestra Política de Seguridad de la Información.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This e-mail and any attachment is confidential and is  intended solely for 
the addressee(s).  If you are not  intended  recipient  please  inform the 
sender immediately,  answering  this  e-mail and  delete it as well as the 
attached files. Any use, circulation or copy of this e-mail by  any person 
or entity that is not the specific  addressee(s)  is prohibited.  ANTEL is 
not  responsible  for  any  communication  emitted  without respecting our
Information Security Policy.

Follow-Ups:
- Re: Unix id command and Openldap
  - From: Christian Marg <marg@rz.tu-clausthal.de>

References:
- Re: Unix id command and Openldap
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: Unix id command and Openldap
Next by Date: Cache/Proxy/Replicating a distant, slow LDAP server
Index(es):
- Chronological
- Thread