RE: Unix id command and Openldap
Hi,
I get this when searching for the jbosstest user defined on the LDAP server:
conn=896 fd=41 ACCEPT from IP=127.0.0.1:47131 (IP=0.0.0.0:389)
conn=896 op=0 BIND dn="" method=128
conn=896 op=0 RESULT tag=97 err=0 text=
# extended LDIF
#
# LDAPv3
# base <ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: (memberUID=jbosstest)
# requesting: ALL
#
conn=896 op=1 SRCH base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" scope=2 deref=0 filter="(memberUid=jbosstest)"
conn=896 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
# search result
search: 2
result: 0 Success
# numResponses: 1
vmlx-ldapauth-test:/etc/openldap # conn=896 op=2 UNBIND
conn=896 fd=41 closed ()
And I get this when I search the group mysql defined on the ldap server too:
vmlx-ldapauth-test:/home/okossuth # ldapsearch -x -D 'cn=admin,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' -W -b 'ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' cn=mysql
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: cn=mysql
# requesting: ALL
#
# mysql, Grupos, Teleinformatica, vmlx-ldapauth-test.in.iantel.com.uy
dn: cn=mysql,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: mysql
objectClass: posixGroup
objectClass: namedObject
objectClass: top
description: gdodera
gidNumber: 4620
memberUid: gdodera
memberUid: jbosstest
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Thanks for your help!
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk]
Sent: Wednesday, December 17, 2008 3:50 PM
To: Kossuth Espinosa, Oskar
CC: claus.kick@siemens.com; openldap-technical@openldap.org
Subject: Re: Unix id command and Openldap
On Wed, Dec 17, 2008 at 03:40:54PM -0200, okossuth@antel.com.uy wrote:
> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.
OK - from a quick scan of those I would expect a group lookup to be
roughly equivalent to this search:
ldapsearch -x -b \
"ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" \
'(memberUID=XXX)'
where XXX is the username of a user that appears in some group.
What do you get if you try that search? Could you post a typical entry
from the
ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy
area?
It would still be useful to post the log output when running slapd
with loglevel 768 (stats + stats2)
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------