Re: Cannot ID LDAP User On LDAP Client
On Dec 01, 2010, at 16.37, Anton Chu wrote:
> I've set up an Ubuntu 10.10 LDAP client to authenticate off my LDAP server.
> I've installed the following:
>
> sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
> nscd ldap-utils pam_ccreds
>
> Here's my /etc/nsswitch.conf:
>
> passwd: files ldap [NOTFOUND=return] db
> group: files ldap [NOTFOUND=return] db
> shadow: files ldap
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> I can nss_updatedb ldap successfully:
> # nss_updatedb ldap
> passwd... done.
> group... done.
>
> I can getent passwd, getent passwd shadow, getent group just fine and
> they all show all my ldap users.
>
> However, I cannot do an id ldapuser
>
> ex:
> $ id tony
> id: tony: No such user
my recommendation would be to move away from libnss-ldap and libpam-ldap, and to use nss-pam-ldapd, available in ubuntu via the libnss-ldapd, libpam-ldapd and nslcd packages. it may not explicitly solve your problem, but it will likely make troubleshooting things easier. also, until you have a functioning, proper setup, remove things like nss-updatedb, libnss-db and nscd. once things are working, if you feel some degree of caching is needed, address that as an independent item.
-ben
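
An added example, not part of the original thread: a shell sketch that lists which databases in an nsswitch.conf like the one quoted above still use the `db` source, and prints the file with `db` dropped. It assumes the `db` entries are to be taken out while libnss-db and nss-updatedb are removed for troubleshooting; the helper names `nss_db_users` and `nss_strip_db` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; nss_db_users and nss_strip_db are hypothetical helper names.

# List the databases in an nsswitch.conf-style file that use the "db" source.
nss_db_users() {
    awk '
    /^[ \t]*#/ || index($0, ":") == 0 { next }      # skip comments and blanks
    {
        idx = index($0, ":")
        name = substr($0, 1, idx - 1)
        gsub(/[ \t]/, "", name)
        n = split(substr($0, idx + 1), src, " ")
        for (i = 1; i <= n; i++) {
            if (src[i] ~ /^#/) break                # trailing comment starts
            if (src[i] == "db") { print name; break }
        }
    }' "$1"
}

# Print the file with every "db" source removed; other sources and
# actions such as [NOTFOUND=return] are left exactly as written.
nss_strip_db() {
    awk '
    /^[ \t]*#/ || index($0, ":") == 0 { print; next }
    {
        idx = index($0, ":")
        line = substr($0, 1, idx)
        n = split(substr($0, idx + 1), src, " ")
        comment = 0
        for (i = 1; i <= n; i++) {
            if (src[i] ~ /^#/) comment = 1          # keep comment text as is
            if (comment || src[i] != "db") line = line " " src[i]
        }
        print line
    }' "$1"
}

# Constructed sample: passwd/group/shadow/protocols lines as quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
protocols: db files
EOF

nss_db_users "$sample"    # databases that still depend on the db source
nss_strip_db "$sample"    # candidate config to review before installing
```

The output of `nss_strip_db` is meant to be reviewed and compared against /etc/nsswitch.conf by hand, not written over it automatically.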