Re: Cannot ID LDAP User On LDAP Client



On Dec 01, 2010, at 16.37, Anton Chu wrote:

> I've set up an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server.
> I've installed the following:
> 
> sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
> nscd ldap-utils pam_ccreds
> 
> Here's my /etc/nsswitch.conf:
> 
> passwd: files ldap [NOTFOUND=return] db
>> 
>> group: files ldap [NOTFOUND=return] db
>> 
>> shadow: files ldap
>> 
>> hosts: files dns
>> networks: files
>> 
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>> 
> 
> I can nss_updatedb ldap successfully:
> # nss_updatedb ldap
> passwd... done.
> group... done.
> 
> I can getent passwd, getent passwd shadow, getent group just fine and
> they all show all my ldap users.
> 
> However, I cannot do an id ldapuser
> 
> ex:
> $ id tony
> id: tony: No such user

my recommendation would be to move away from libnss-ldap and libpam-ldap, and to use nss-pam-ldapd, available in ubuntu via the libnss-ldapd, libpam-ldapd and nslcd packages.  it may not explicitly solve your problem, but it will likely make troubleshooting things easier.  also, until you have a functioning, proper setup, remove things like nss-updatedb, libnss-db and nscd.  once things are working, if you feel some degree of caching is needed, address that as an independent item.

-ben
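
As an added example (not part of the original thread), this shell sketch lists which nsswitch.conf databases still consult the `db` cache source that the reply suggests removing while troubleshooting. The function names are hypothetical and the sample is a constructed copy of the configuration quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# nss_sources [FILE]: print "database source1 source2 ..." per line,
# with comments and [STATUS=action] specifiers stripped.
nss_sources() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        /^[ \t]*[A-Za-z_]+[ \t]*:/ {
            gsub(/\[[^]]*\]/, " ")            # drop [NOTFOUND=return] etc.
            sub(/:/, " ")                     # split database name from sources
            $1 = $1                           # normalise whitespace
            print
        }' "$@"
}

# nss_cached_dbs [FILE]: print each database whose lookup chain
# includes the nss_db cache source ("db").
nss_cached_dbs() {
    nss_sources "$@" | awk '{
        for (i = 2; i <= NF; i++) if ($i == "db") { print $1; break }
    }'
}

# Constructed sample: the nsswitch.conf from the quoted post.
sample_conf() {
    cat <<'EOF'
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
EOF
}

echo "Databases still using the db cache source:"
sample_conf | nss_cached_dbs
```

On a real client, pass the file instead of the sample: `nss_cached_dbs /etc/nsswitch.conf`.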