[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
objectClass=posixAccount search anomaly.
Dear OpenLDAP Tech list:
I can't tell if the problem below is with OpenLDAP, or nss_ldap. Since I
can reproduce the problem with the ldapsearch command, I'm inclined to
think it's with OpenLDAP. Any assistance will be greatly appreciated.
At the academic institution where are work, there are several different
departments that maintain their own LDAP directory:
dc=sns,dc=example,dc=edu
dc=math,dc=example,dc=edu
dc=itg,dc=example,dc=edu
dc=net,dc=example,dc=edu
and a top-level LDAP server that just contains referrals to the
individual dept servers:
dc=example,dc=edu
We are now looking to share access to systems without duplicating
account information in all the LDAP servers. So if someone from math
would like to log into an SNS system, they can authenticate against
their credentials in the math LDAP directory, and get their account
information from there, too.
We are using an RHEL 5.4-based Linux distro.
To facilitate this, I added this to my /etc/openldap/slapd.conf:
database ldap
suffix "dc=example,dc=edu"
uri ldaps://ldap.example.edu/
And in /etc/ldap.conf, I changed the base to dc=example, dc=edu. The
clients are still searching my local OpenLDAP server first.
After making these changes, 'getent passwd no longer works correctly,
and these ldapsearch no longer returns results
ldapsearch -x objectClass=posixAccount
ldapsearch -x -b dc=example,dc=edu objectClass=posixAccount
ldapsearch -x -b dc=sns,dc=example,dc=edu objectClass=posixAccount
ldapsearch -x -b dc=math,dc=example,dc=edu objectClass=posixAccount
However, these ldapsearches work as expected
ldapsearch -x objectClass=account
ldapsearch -x
ldapsearch -x objectClass=inetorgperson
ldapsearch -x objectClass=inetlocalmailrecipient
ldapsearch -x objectClass=top
ldapsearch -x -b dc=math,dc=example,dc=edu
Any ideas why the behavior is different for the posixAccount object
class vs. the other object classes? Is there any other configurations
for OpenLDAP that would achieve the same goal?
--
Prentice