[Date Prev][Date Next] [Chronological] [Thread] [Top]

Back-ldap and Nssov



Hi all,

I am using Openldap 2.4.23 (on Ubuntu Hardy 8.04) to test nssov.
Everything is working perfectly on the primary server, with user,
group and host information being pulled from Openldap via nssov.
Testing of authorized service / pam integration via slapd acls is also
working correctly.

On another Ubuntu Hardy system I setup back-ldap and nssov, and though
it works perfectly (including logins/acls, etc), there appears to be
some issue when running:

getent group

I simply get one group returned (there are 4 on the primary server),
with the following recorded in the (back-ldap server) logs (debug set
to -1):

-- back-ldap log on `getent group` --
root@dev01:/opt/zivios/openldap/etc/openldap# getent group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:zwebuser
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
dhcp:x:102:
syslog:x:103:
klog:x:104:
scanner:x:105:
nvram:x:106:
ssh:x:107:
ntp:x:109:
ssl-cert:x:110:zwebuser,zopenldap
zwebgroup:x:950:
zopenldap:x:945:
mysql:x:108:
daemon: activity on 1 descriptor
daemon: activity on: 10r
daemon: read active on 10
connection_get(10)
connection_get(10): got connid=0
nssov: connection from uid=0 gid=0
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: epoll: listen=9 active_threads=0 tvp=NULL
nssov_group_all()
str2filter "(objectClass=posixGroup)"
put_filter: "(objectClass=posixGroup)"
put_filter: simple
put_simple_filter: "objectClass=posixGroup"
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0xb6db8010 ptr=0xb6db8010 end=0xb6db802b len=27
  0000:  a3 19 04 0b 6f 62 6a 65  63 74 43 6c 61 73 73 04   ....objectClass.
  0010:  0a 70 6f 73 69 78 47 72  6f 75 70                  .posixGroup
end get_filter 0
=>ldap_back_getconn: conn 0x8d3b058 fetched refcnt=1.
ldap_search_ext
put_filter: "(objectClass=posixGroup)"
put_filter: simple
put_simple_filter: "objectClass=posixGroup"
ldap_build_search_req ATTRS: cn userPassword gidNumber memberUid member
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x8d484a8 ptr=0x8d484a8 end=0x8d4851d len=117
  0000:  30 73 02 01 04 63 6e 04  10 64 63 3d 7a 69 76 69   0s...cn..dc=zivi
  0010:  6f 73 2c 64 63 3d 6e 65  74 0a 01 02 0a 01 00 02   os,dc=net.......
  0020:  01 00 02 01 00 01 01 00  a3 19 04 0b 6f 62 6a 65   ............obje
  0030:  63 74 43 6c 61 73 73 04  0a 70 6f 73 69 78 47 72   ctClass..posixGr
  0040:  6f 75 70 30 30 04 02 63  6e 04 0c 75 73 65 72 50   oup00..cn..userP
  0050:  61 73 73 77 6f 72 64 04  09 67 69 64 4e 75 6d 62   assword..gidNumb
  0060:  65 72 04 09 6d 65 6d 62  65 72 55 69 64 04 06 6d   er..memberUid..m
  0070:  65 6d 62 65 72                                     ember
ber_scanf fmt ({) ber:
ber_dump: buf=0x8d484a8 ptr=0x8d484ad end=0x8d4851d len=112
  0000:  63 6e 04 10 64 63 3d 7a  69 76 69 6f 73 2c 64 63   cn..dc=zivios,dc
  0010:  3d 6e 65 74 0a 01 02 0a  01 00 02 01 00 02 01 00   =net............
  0020:  01 01 00 a3 19 04 0b 6f  62 6a 65 63 74 43 6c 61   .......objectCla
  0030:  73 73 04 0a 70 6f 73 69  78 47 72 6f 75 70 30 30   ss..posixGroup00
  0040:  04 02 63 6e 04 0c 75 73  65 72 50 61 73 73 77 6f   ..cn..userPasswo
  0050:  72 64 04 09 67 69 64 4e  75 6d 62 65 72 04 09 6d   rd..gidNumber..m
  0060:  65 6d 62 65 72 55 69 64  04 06 6d 65 6d 62 65 72   emberUid..member
ber_flush2: 117 bytes to sd 12
  0000:  30 73 02 01 04 63 6e 04  10 64 63 3d 7a 69 76 69   0s...cn..dc=zivi
  0010:  6f 73 2c 64 63 3d 6e 65  74 0a 01 02 0a 01 00 02   os,dc=net.......
  0020:  01 00 02 01 00 01 01 00  a3 19 04 0b 6f 62 6a 65   ............obje
  0030:  63 74 43 6c 61 73 73 04  0a 70 6f 73 69 78 47 72   ctClass..posixGr
  0040:  6f 75 70 30 30 04 02 63  6e 04 0c 75 73 65 72 50   oup00..cn..userP
  0050:  61 73 73 77 6f 72 64 04  09 67 69 64 4e 75 6d 62   assword..gidNumb
  0060:  65 72 04 09 6d 65 6d 62  65 72 55 69 64 04 06 6d   er..memberUid..m
  0070:  65 6d 62 65 72                                     ember
ldap_write: want=117, written=117
  0000:  30 73 02 01 04 63 6e 04  10 64 63 3d 7a 69 76 69   0s...cn..dc=zivi
  0010:  6f 73 2c 64 63 3d 6e 65  74 0a 01 02 0a 01 00 02   os,dc=net.......
  0020:  01 00 02 01 00 01 01 00  a3 19 04 0b 6f 62 6a 65   ............obje
  0030:  63 74 43 6c 61 73 73 04  0a 70 6f 73 69 78 47 72   ctClass..posixGr
  0040:  6f 75 70 30 30 04 02 63  6e 04 0c 75 73 65 72 50   oup00..cn..userP
  0050:  61 73 73 77 6f 72 64 04  09 67 69 64 4e 75 6d 62   assword..gidNumb
  0060:  65 72 04 09 6d 65 6d 62  65 72 55 69 64 04 06 6d   er..memberUid..m
  0070:  65 6d 62 65 72                                     ember
ldap_result ld 0x8d48288 msgid 4
wait4msg ld 0x8d48288 msgid 4 (timeout 100000 usec)
wait4msg continue ld 0x8d48288 msgid 4 all 0
** ld 0x8d48288 Connections:
* host: dev02.zivios.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Aug  4 17:21:55 2010


** ld 0x8d48288 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x8d48288 request count 1 (abandoned 0)
** ld 0x8d48288 Response Queue:
   Empty
  ld 0x8d48288 response count 0
ldap_chkResponseList ld 0x8d48288 msgid 4 all 0
ldap_chkResponseList returns ld 0x8d48288 NULL
ldap_int_select
read1msg: ld 0x8d48288 msgid 4 all 0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 82 01 26 02 01 04 64                            0..&...d
ldap_read: want=290, got=290
  0000:  82 01 1f 04 26 63 6e 3d  65 63 6c 73 74 61 66 66   ....&cn=eclstaff
  0010:  2c 6f 75 3d 67 72 6f 75  70 73 2c 64 63 3d 7a 69   ,ou=groups,dc=zi
  0020:  76 69 6f 73 2c 64 63 3d  6e 65 74 30 81 f4 30 13   vios,dc=net0..0.
  0030:  04 09 67 69 64 4e 75 6d  62 65 72 31 06 04 04 33   ..gidNumber1...3
  0040:  30 30 30 30 10 04 02 63  6e 31 0a 04 08 65 63 6c   0000...cn1...ecl
  0050:  73 74 61 66 66 30 81 ca  04 06 6d 65 6d 62 65 72   staff0....member
  0060:  31 81 bf 04 25 75 69 64  3d 6d 68 61 73 68 6d 69   1...%uid=mhashmi
  0070:  2c 6f 75 3d 75 73 65 72  73 2c 64 63 3d 7a 69 76   ,ou=users,dc=ziv
  0080:  69 6f 73 2c 64 63 3d 6e  65 74 04 23 75 69 64 3d   ios,dc=net.#uid=
  0090:  66 6b 68 61 6e 2c 6f 75  3d 75 73 65 72 73 2c 64   fkhan,ou=users,d
  00a0:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74 04   c=zivios,dc=net.
  00b0:  25 75 69 64 3d 6a 61 62  62 61 73 69 2c 6f 75 3d   %uid=jabbasi,ou=
  00c0:  75 73 65 72 73 2c 64 63  3d 7a 69 76 69 6f 73 2c   users,dc=zivios,
  00d0:  64 63 3d 6e 65 74 04 25  75 69 64 3d 7a 73 68 61   dc=net.%uid=zsha
  00e0:  69 6b 68 2c 6f 75 3d 75  73 65 72 73 2c 64 63 3d   ikh,ou=users,dc=
  00f0:  7a 69 76 69 6f 73 2c 64  63 3d 6e 65 74 04 23 75   zivios,dc=net.#u
  0100:  69 64 3d 61 6b 68 61 6e  2c 6f 75 3d 75 73 65 72   id=akhan,ou=user
  0110:  73 2c 64 63 3d 7a 69 76  69 6f 73 2c 64 63 3d 6e   s,dc=zivios,dc=n
  0120:  65 74                                              et
ber_get_next: tag 0x30 len 294 contents:
ber_dump: buf=0x8d496d0 ptr=0x8d496d0 end=0x8d497f6 len=294
  0000:  02 01 04 64 82 01 1f 04  26 63 6e 3d 65 63 6c 73   ...d....&cn=ecls
  0010:  74 61 66 66 2c 6f 75 3d  67 72 6f 75 70 73 2c 64   taff,ou=groups,d
  0020:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74 30   c=zivios,dc=net0
  0030:  81 f4 30 13 04 09 67 69  64 4e 75 6d 62 65 72 31   ..0...gidNumber1
  0040:  06 04 04 33 30 30 30 30  10 04 02 63 6e 31 0a 04   ...30000...cn1..
  0050:  08 65 63 6c 73 74 61 66  66 30 81 ca 04 06 6d 65   .eclstaff0....me
  0060:  6d 62 65 72 31 81 bf 04  25 75 69 64 3d 6d 68 61   mber1...%uid=mha
  0070:  73 68 6d 69 2c 6f 75 3d  75 73 65 72 73 2c 64 63   shmi,ou=users,dc
  0080:  3d 7a 69 76 69 6f 73 2c  64 63 3d 6e 65 74 04 23   =zivios,dc=net.#
  0090:  75 69 64 3d 66 6b 68 61  6e 2c 6f 75 3d 75 73 65   uid=fkhan,ou=use
  00a0:  72 73 2c 64 63 3d 7a 69  76 69 6f 73 2c 64 63 3d   rs,dc=zivios,dc=
  00b0:  6e 65 74 04 25 75 69 64  3d 6a 61 62 62 61 73 69   net.%uid=jabbasi
  00c0:  2c 6f 75 3d 75 73 65 72  73 2c 64 63 3d 7a 69 76   ,ou=users,dc=ziv
  00d0:  69 6f 73 2c 64 63 3d 6e  65 74 04 25 75 69 64 3d   ios,dc=net.%uid=
  00e0:  7a 73 68 61 69 6b 68 2c  6f 75 3d 75 73 65 72 73   zshaikh,ou=users
  00f0:  2c 64 63 3d 7a 69 76 69  6f 73 2c 64 63 3d 6e 65   ,dc=zivios,dc=ne
  0100:  74 04 23 75 69 64 3d 61  6b 68 61 6e 2c 6f 75 3d   t.#uid=akhan,ou=
  0110:  75 73 65 72 73 2c 64 63  3d 7a 69 76 69 6f 73 2c   users,dc=zivios,
  0120:  64 63 3d 6e 65 74                                  dc=net
read1msg: ld 0x8d48288 msgid 4 message type search-entry
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d496d3 end=0x8d497f6 len=291
  0000:  64 82 01 1f 04 26 63 6e  3d 65 63 6c 73 74 61 66   d....&cn=eclstaf
  0010:  66 2c 6f 75 3d 67 72 6f  75 70 73 2c 64 63 3d 7a   f,ou=groups,dc=z
  0020:  69 76 69 6f 73 2c 64 63  3d 6e 65 74 30 81 f4 30   ivios,dc=net0..0
  0030:  13 04 09 67 69 64 4e 75  6d 62 65 72 31 06 04 04   ...gidNumber1...
  0040:  33 30 30 30 30 10 04 02  63 6e 31 0a 04 08 65 63   30000...cn1...ec
  0050:  6c 73 74 61 66 66 30 81  ca 04 06 6d 65 6d 62 65   lstaff0....membe
  0060:  72 31 81 bf 04 25 75 69  64 3d 6d 68 61 73 68 6d   r1...%uid=mhashm
  0070:  69 2c 6f 75 3d 75 73 65  72 73 2c 64 63 3d 7a 69   i,ou=users,dc=zi
  0080:  76 69 6f 73 2c 64 63 3d  6e 65 74 04 23 75 69 64   vios,dc=net.#uid
  0090:  3d 66 6b 68 61 6e 2c 6f  75 3d 75 73 65 72 73 2c   =fkhan,ou=users,
  00a0:  64 63 3d 7a 69 76 69 6f  73 2c 64 63 3d 6e 65 74   dc=zivios,dc=net
  00b0:  04 25 75 69 64 3d 6a 61  62 62 61 73 69 2c 6f 75   .%uid=jabbasi,ou
  00c0:  3d 75 73 65 72 73 2c 64  63 3d 7a 69 76 69 6f 73   =users,dc=zivios
  00d0:  2c 64 63 3d 6e 65 74 04  25 75 69 64 3d 7a 73 68   ,dc=net.%uid=zsh
  00e0:  61 69 6b 68 2c 6f 75 3d  75 73 65 72 73 2c 64 63   aikh,ou=users,dc
  00f0:  3d 7a 69 76 69 6f 73 2c  64 63 3d 6e 65 74 04 23   =zivios,dc=net.#
  0100:  75 69 64 3d 61 6b 68 61  6e 2c 6f 75 3d 75 73 65   uid=akhan,ou=use
  0110:  72 73 2c 64 63 3d 7a 69  76 69 6f 73 2c 64 63 3d   rs,dc=zivios,dc=
  0120:  6e 65 74                                           net
>>> dnPrettyNormal: <cn=eclstaff,ou=groups,dc=zivios,dc=net>
=> ldap_bv2dn(cn=eclstaff,ou=groups,dc=zivios,dc=net,0)
<= ldap_bv2dn(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=eclstaff,ou=groups,dc=zivios,dc=net)=0
<<< dnPrettyNormal: <cn=eclstaff,ou=groups,dc=zivios,dc=net>,
<cn=eclstaff,ou=groups,dc=zivios,dc=net>
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49702 end=0x8d497f6 len=244
  0000:  30 13 04 09 67 69 64 4e  75 6d 62 65 72 31 06 04   0...gidNumber1..
  0010:  04 33 30 30 30 30 10 04  02 63 6e 31 0a 04 08 65   .30000...cn1...e
  0020:  63 6c 73 74 61 66 66 30  81 ca 04 06 6d 65 6d 62   clstaff0....memb
  0030:  65 72 31 81 bf 04 25 75  69 64 3d 6d 68 61 73 68   er1...%uid=mhash
  0040:  6d 69 2c 6f 75 3d 75 73  65 72 73 2c 64 63 3d 7a   mi,ou=users,dc=z
  0050:  69 76 69 6f 73 2c 64 63  3d 6e 65 74 04 23 75 69   ivios,dc=net.#ui
  0060:  64 3d 66 6b 68 61 6e 2c  6f 75 3d 75 73 65 72 73   d=fkhan,ou=users
  0070:  2c 64 63 3d 7a 69 76 69  6f 73 2c 64 63 3d 6e 65   ,dc=zivios,dc=ne
  0080:  74 04 25 75 69 64 3d 6a  61 62 62 61 73 69 2c 6f   t.%uid=jabbasi,o
  0090:  75 3d 75 73 65 72 73 2c  64 63 3d 7a 69 76 69 6f   u=users,dc=zivio
  00a0:  73 2c 64 63 3d 6e 65 74  04 25 75 69 64 3d 7a 73   s,dc=net.%uid=zs
  00b0:  68 61 69 6b 68 2c 6f 75  3d 75 73 65 72 73 2c 64   haikh,ou=users,d
  00c0:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74 04   c=zivios,dc=net.
  00d0:  23 75 69 64 3d 61 6b 68  61 6e 2c 6f 75 3d 75 73   #uid=akhan,ou=us
  00e0:  65 72 73 2c 64 63 3d 7a  69 76 69 6f 73 2c 64 63   ers,dc=zivios,dc
  00f0:  3d 6e 65 74                                        =net
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d4970f end=0x8d497f6 len=231
  0000:  00 06 04 04 33 30 30 30  30 10 04 02 63 6e 31 0a   ....30000...cn1.
  0010:  04 08 65 63 6c 73 74 61  66 66 30 81 ca 04 06 6d   ..eclstaff0....m
  0020:  65 6d 62 65 72 31 81 bf  04 25 75 69 64 3d 6d 68   ember1...%uid=mh
  0030:  61 73 68 6d 69 2c 6f 75  3d 75 73 65 72 73 2c 64   ashmi,ou=users,d
  0040:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74 04   c=zivios,dc=net.
  0050:  23 75 69 64 3d 66 6b 68  61 6e 2c 6f 75 3d 75 73   #uid=fkhan,ou=us
  0060:  65 72 73 2c 64 63 3d 7a  69 76 69 6f 73 2c 64 63   ers,dc=zivios,dc
  0070:  3d 6e 65 74 04 25 75 69  64 3d 6a 61 62 62 61 73   =net.%uid=jabbas
  0080:  69 2c 6f 75 3d 75 73 65  72 73 2c 64 63 3d 7a 69   i,ou=users,dc=zi
  0090:  76 69 6f 73 2c 64 63 3d  6e 65 74 04 25 75 69 64   vios,dc=net.%uid
  00a0:  3d 7a 73 68 61 69 6b 68  2c 6f 75 3d 75 73 65 72   =zshaikh,ou=user
  00b0:  73 2c 64 63 3d 7a 69 76  69 6f 73 2c 64 63 3d 6e   s,dc=zivios,dc=n
  00c0:  65 74 04 23 75 69 64 3d  61 6b 68 61 6e 2c 6f 75   et.#uid=akhan,ou
  00d0:  3d 75 73 65 72 73 2c 64  63 3d 7a 69 76 69 6f 73   =users,dc=zivios
  00e0:  2c 64 63 3d 6e 65 74                               ,dc=net
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49717 end=0x8d497f6 len=223
  0000:  30 10 04 02 63 6e 31 0a  04 08 65 63 6c 73 74 61   0...cn1...eclsta
  0010:  66 66 30 81 ca 04 06 6d  65 6d 62 65 72 31 81 bf   ff0....member1..
  0020:  04 25 75 69 64 3d 6d 68  61 73 68 6d 69 2c 6f 75   .%uid=mhashmi,ou
  0030:  3d 75 73 65 72 73 2c 64  63 3d 7a 69 76 69 6f 73   =users,dc=zivios
  0040:  2c 64 63 3d 6e 65 74 04  23 75 69 64 3d 66 6b 68   ,dc=net.#uid=fkh
  0050:  61 6e 2c 6f 75 3d 75 73  65 72 73 2c 64 63 3d 7a   an,ou=users,dc=z
  0060:  69 76 69 6f 73 2c 64 63  3d 6e 65 74 04 25 75 69   ivios,dc=net.%ui
  0070:  64 3d 6a 61 62 62 61 73  69 2c 6f 75 3d 75 73 65   d=jabbasi,ou=use
  0080:  72 73 2c 64 63 3d 7a 69  76 69 6f 73 2c 64 63 3d   rs,dc=zivios,dc=
  0090:  6e 65 74 04 25 75 69 64  3d 7a 73 68 61 69 6b 68   net.%uid=zshaikh
  00a0:  2c 6f 75 3d 75 73 65 72  73 2c 64 63 3d 7a 69 76   ,ou=users,dc=ziv
  00b0:  69 6f 73 2c 64 63 3d 6e  65 74 04 23 75 69 64 3d   ios,dc=net.#uid=
  00c0:  61 6b 68 61 6e 2c 6f 75  3d 75 73 65 72 73 2c 64   akhan,ou=users,d
  00d0:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74      c=zivios,dc=net
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d4971d end=0x8d497f6 len=217
  0000:  00 0a 04 08 65 63 6c 73  74 61 66 66 30 81 ca 04   ....eclstaff0...
  0010:  06 6d 65 6d 62 65 72 31  81 bf 04 25 75 69 64 3d   .member1...%uid=
  0020:  6d 68 61 73 68 6d 69 2c  6f 75 3d 75 73 65 72 73   mhashmi,ou=users
  0030:  2c 64 63 3d 7a 69 76 69  6f 73 2c 64 63 3d 6e 65   ,dc=zivios,dc=ne
  0040:  74 04 23 75 69 64 3d 66  6b 68 61 6e 2c 6f 75 3d   t.#uid=fkhan,ou=
  0050:  75 73 65 72 73 2c 64 63  3d 7a 69 76 69 6f 73 2c   users,dc=zivios,
  0060:  64 63 3d 6e 65 74 04 25  75 69 64 3d 6a 61 62 62   dc=net.%uid=jabb
  0070:  61 73 69 2c 6f 75 3d 75  73 65 72 73 2c 64 63 3d   asi,ou=users,dc=
  0080:  7a 69 76 69 6f 73 2c 64  63 3d 6e 65 74 04 25 75   zivios,dc=net.%u
  0090:  69 64 3d 7a 73 68 61 69  6b 68 2c 6f 75 3d 75 73   id=zshaikh,ou=us
  00a0:  65 72 73 2c 64 63 3d 7a  69 76 69 6f 73 2c 64 63   ers,dc=zivios,dc
  00b0:  3d 6e 65 74 04 23 75 69  64 3d 61 6b 68 61 6e 2c   =net.#uid=akhan,
  00c0:  6f 75 3d 75 73 65 72 73  2c 64 63 3d 7a 69 76 69   ou=users,dc=zivi
  00d0:  6f 73 2c 64 63 3d 6e 65  74                        os,dc=net
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49729 end=0x8d497f6 len=205
  0000:  30 81 ca 04 06 6d 65 6d  62 65 72 31 81 bf 04 25   0....member1...%
  0010:  75 69 64 3d 6d 68 61 73  68 6d 69 2c 6f 75 3d 75   uid=mhashmi,ou=u
  0020:  73 65 72 73 2c 64 63 3d  7a 69 76 69 6f 73 2c 64   sers,dc=zivios,d
  0030:  63 3d 6e 65 74 04 23 75  69 64 3d 66 6b 68 61 6e   c=net.#uid=fkhan
  0040:  2c 6f 75 3d 75 73 65 72  73 2c 64 63 3d 7a 69 76   ,ou=users,dc=ziv
  0050:  69 6f 73 2c 64 63 3d 6e  65 74 04 25 75 69 64 3d   ios,dc=net.%uid=
  0060:  6a 61 62 62 61 73 69 2c  6f 75 3d 75 73 65 72 73   jabbasi,ou=users
  0070:  2c 64 63 3d 7a 69 76 69  6f 73 2c 64 63 3d 6e 65   ,dc=zivios,dc=ne
  0080:  74 04 25 75 69 64 3d 7a  73 68 61 69 6b 68 2c 6f   t.%uid=zshaikh,o
  0090:  75 3d 75 73 65 72 73 2c  64 63 3d 7a 69 76 69 6f   u=users,dc=zivio
  00a0:  73 2c 64 63 3d 6e 65 74  04 23 75 69 64 3d 61 6b   s,dc=net.#uid=ak
  00b0:  68 61 6e 2c 6f 75 3d 75  73 65 72 73 2c 64 63 3d   han,ou=users,dc=
  00c0:  7a 69 76 69 6f 73 2c 64  63 3d 6e 65 74            zivios,dc=net
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d49734 end=0x8d497f6 len=194
  0000:  00 81 bf 04 25 75 69 64  3d 6d 68 61 73 68 6d 69   ....%uid=mhashmi
  0010:  2c 6f 75 3d 75 73 65 72  73 2c 64 63 3d 7a 69 76   ,ou=users,dc=ziv
  0020:  69 6f 73 2c 64 63 3d 6e  65 74 04 23 75 69 64 3d   ios,dc=net.#uid=
  0030:  66 6b 68 61 6e 2c 6f 75  3d 75 73 65 72 73 2c 64   fkhan,ou=users,d
  0040:  63 3d 7a 69 76 69 6f 73  2c 64 63 3d 6e 65 74 04   c=zivios,dc=net.
  0050:  25 75 69 64 3d 6a 61 62  62 61 73 69 2c 6f 75 3d   %uid=jabbasi,ou=
  0060:  75 73 65 72 73 2c 64 63  3d 7a 69 76 69 6f 73 2c   users,dc=zivios,
  0070:  64 63 3d 6e 65 74 04 25  75 69 64 3d 7a 73 68 61   dc=net.%uid=zsha
  0080:  69 6b 68 2c 6f 75 3d 75  73 65 72 73 2c 64 63 3d   ikh,ou=users,dc=
  0090:  7a 69 76 69 6f 73 2c 64  63 3d 6e 65 74 04 23 75   zivios,dc=net.#u
  00a0:  69 64 3d 61 6b 68 61 6e  2c 6f 75 3d 75 73 65 72   id=akhan,ou=user
  00b0:  73 2c 64 63 3d 7a 69 76  69 6f 73 2c 64 63 3d 6e   s,dc=zivios,dc=n
  00c0:  65 74                                              et
>>> dnPretty: <uid=mhashmi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=mhashmi,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=fkhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=fkhan,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=fkhan,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=jabbasi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=jabbasi,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=zshaikh,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=zshaikh,ou=users,dc=zivios,dc=net>
>>> dnPretty: <uid=akhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=akhan,ou=users,dc=zivios,dc=net)=0
<<< dnPretty: <uid=akhan,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=mhashmi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=mhashmi,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=mhashmi,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=fkhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=fkhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=fkhan,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=fkhan,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=jabbasi,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=jabbasi,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=jabbasi,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=zshaikh,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=zshaikh,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=zshaikh,ou=users,dc=zivios,dc=net>
>>> dnNormalize: <uid=akhan,ou=users,dc=zivios,dc=net>
=> ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net,0)
<= ldap_bv2dn(uid=akhan,ou=users,dc=zivios,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=akhan,ou=users,dc=zivios,dc=net)=0
<<< dnNormalize: <uid=akhan,ou=users,dc=zivios,dc=net>
ber_scanf fmt ({xx) ber:
ber_dump: buf=0x8d496d0 ptr=0x8d496d3 end=0x8d497f6 len=291
  0000:  64 82 01 1f 04 26 63 6e  3d 65 63 6c 73 74 61 66   d....&cn=eclstaf
  0010:  66 2c 6f 75 3d 67 72 6f  75 70 73 2c 64 63 3d 7a   f,ou=groups,dc=z
  0020:  69 76 69 6f 73 2c 64 63  3d 6e 65 74 00 81 f4 30   ivios,dc=net...0
  0030:  13 04 09 67 69 64 4e 75  6d 62 65 72 00 06 04 04   ...gidNumber....
  0040:  33 30 30 30 30 10 04 02  63 6e 00 0a 04 08 65 63   30000...cn....ec
  0050:  6c 73 74 61 66 66 30 81  ca 04 06 6d 65 6d 62 65   lstaff0....membe
  0060:  72 00 81 bf 04 25 75 69  64 3d 6d 68 61 73 68 6d   r....%uid=mhashm
  0070:  69 2c 6f 75 3d 75 73 65  72 73 2c 64 63 3d 7a 69   i,ou=users,dc=zi
  0080:  76 69 6f 73 2c 64 63 3d  6e 65 74 04 23 75 69 64   vios,dc=net.#uid
  0090:  3d 66 6b 68 61 6e 2c 6f  75 3d 75 73 65 72 73 2c   =fkhan,ou=users,
  00a0:  64 63 3d 7a 69 76 69 6f  73 2c 64 63 3d 6e 65 74   dc=zivios,dc=net
  00b0:  04 25 75 69 64 3d 6a 61  62 62 61 73 69 2c 6f 75   .%uid=jabbasi,ou
  00c0:  3d 75 73 65 72 73 2c 64  63 3d 7a 69 76 69 6f 73   =users,dc=zivios
  00d0:  2c 64 63 3d 6e 65 74 04  25 75 69 64 3d 7a 73 68   ,dc=net.%uid=zsh
  00e0:  61 69 6b 68 2c 6f 75 3d  75 73 65 72 73 2c 64 63   aikh,ou=users,dc
  00f0:  3d 7a 69 76 69 6f 73 2c  64 63 3d 6e 65 74 04 23   =zivios,dc=net.#
  0100:  75 69 64 3d 61 6b 68 61  6e 2c 6f 75 3d 75 73 65   uid=akhan,ou=use
  0110:  72 73 2c 64 63 3d 7a 69  76 69 6f 73 2c 64 63 3d   rs,dc=zivios,dc=
  0120:  6e 65 74                                           net
ldap_msgfree
ldap_abandon_ext 4
do_abandon origid 4, msgid 4
ldap_msgdelete ld=0x8d48288 msgid=4
ber_flush2: 8 bytes to sd 12
  0000:  30 06 02 01 05 50 01 04                            0....P..
ldap_write: want=8, written=8
  0000:  30 06 02 01 05 50 01 04                            0....P..
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_free_request (origid 4, msgid 4)
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=80 matched="" text=""
--

The output is simply:

eclstaff:*:3000:mhashmi,fkhan,jabbasi,zshaikh,akhan

On the primary server however, I see all 4 group entries are sent
during the request:

conn=1000 op=5 ENTRY dn="cn=eclstaff,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=sysadmin,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=mailadmin,ou=groups,dc=zivios,dc=net"
conn=1000 op=5 ENTRY dn="cn=finance,ou=groups,dc=zivios,dc=net"

On the back-ldap server, probing a single group works, albeit, with
the same err=80 being logged.

getent passwd & hosts works perfectly.

Please find below the relevant configuration sections of my primary
slapd.conf, the back-ldap slapd.conf as well as sample user and group
entries:

=== primary server slapd.conf ===
database hdb
#overlay smbk5pwd
overlay unique
overlay nssov

suffix "dc=zivios,dc=net"
rootdn "cn=admin,dc=zivios,dc=net"
rootpw foo

# nssov config
nssov-map group uniqueMember member
nssov-ssd passwd ldap:///dc=zivios,dc=net??sub
nssov-ssd group ldap:///dc=zivios,dc=net??sub
nssov-ssd hosts ldap:///dc=zivios,dc=net??sub
nssov-pam hostservice
nssov-pam-session sshd
nssov-pam-session login

=== Back-ldap slapd.conf ===
database ldap
suffix  dc=zivios,dc=net
uri     "ldap://dev02.zivios.net";

acl-bind bindmethod=simple binddn="" credentials=""

idassert-bind bindmethod=simple
 binddn="cn=admin,dc=zivios,dc=net"  // just for testing...
 credentials="foo"
 mode=none
 flags=non-prescriptive

overlay nssov
nssov-map group uniqueMember member
nssov-ssd passwd ldap:///dc=zivios,dc=net??sub
nssov-ssd group ldap:///dc=zivios,dc=net??sub
nssov-ssd hosts ldap:///dc=zivios,dc=net??sub

nssov-pam hostservice
nssov-pam-session sshd
nssov-pam-session login

lastmod off

=== 2 sample groups ===
dn: cn=eclstaff,ou=groups,dc=zivios,dc=net
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 3000
description: Emergen Staff
cn: eclstaff
member: uid=mhashmi,ou=users,dc=zivios,dc=net
member: uid=fkhan,ou=users,dc=zivios,dc=net
member: uid=jabbasi,ou=users,dc=zivios,dc=net
member: uid=zshaikh,ou=users,dc=zivios,dc=net
member: uid=akhan,ou=users,dc=zivios,dc=net

dn: cn=sysadmin,ou=groups,dc=zivios,dc=net
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 3001
description: Administrator
cn: sysadmin
member: uid=mhashmi,ou=users,dc=zivios,dc=net
member: uid=fkhan,ou=users,dc=zivios,dc=net

=== 2 sample users ===
dn: uid=mhashmi,ou=users,dc=zivios,dc=net
cn: Mustafa Hashmi
gidnumber: 3000
givenname: Mustafa
homedirectory: /home/mhashmi
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
ou: Users
sn: Hashmi
uid: mhashmi
uidnumber: 5050
userpassword: foo

dn: uid=fkhan,ou=users,dc=zivios,dc=net
cn: Faraz Khan
gidnumber: 3000
givenname: Faraz
homedirectory: /home/fkhan
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
ou: Users
sn: Khan
uid: fkhan
uidnumber: 5051
userpassword: foo
===

Please note: running a ldapsearch on the back-ldap server for groups
works correctly and all entries are returned. I am at a bit of loss
here -- if anyone can tell me how to debug this further, it would be
greatly appreciated.

Many thanks,
Mustafa.