Re: 8 principal limitation in openldap
This thread is a good example of why top-posting sucks ...
On Friday, 25 March 2011 17:27:10 Kevin Josue Zambrano Chavez wrote:
> On Fri, Mar 25, 2011 at 10:23 AM, Marco Pizzoli <marco.pizzoli@gmail.com> wrote:
> > Hi,
> > I could be corrected if I'm wrong, but this problem is not related to
> > OpenLDAP. It's a nss_ldap problem.
> > nss_ldap is a client library that's used by Linux vendors to achieve
> > seamless integration of users against *a* LDAP server.
> >
> > I had a similar problem with a complex configuration and bypassed (not
> > solved) the problem by modifying my client configuration.
> >
> > I reduced the number of ldap servers configured to be accessed: from 4 to
> > 3. I reduced the number of users defined in
> > *nss_initgroups_ignoreusers* directive: I had about 40 listed in it...
IMHO, this is the wrong fix anyway, but most likely has nothing to do with the
OP's problem.
> >
> > Etc...
> >
> > Make some tries and tell me if you can solve it.
> >
> > Marco
> >
> > On Thu, Mar 24, 2011 at 9:25 PM, Srivatsav M <srivatsav.mudumba@gmail.com> wrote:
> >> Hi,
> >>
> >> We are using OpenLDAP for authenticating users registered in a LDAP
> >> server (Open LDAP, Active Directory).
Which one? Or both?
> >> After adding 8 principals
> >> (/etc/ldap.conf), none of the users registered in the /etc/ldap.conf
> >> file are able to login.
Users shouldn't be "registered in the /etc/ldap.conf file".
> >>
> >> nss_base_passwd OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
> >> nss_base_shadow OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
> >> nss_base_group OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
> >>
Please supply a full copy of your /etc/ldap.conf, or at least a representative
one, and provide the example output of 'getent passwd username' and 'groups
username' for the user who doesn't authenticate. You may also want to supply
the relevant PAM configuration files.
Also, please provide details of your LDAP client (distribution release, what
versions of nss_ldap and pam_ldap you are running).
> >>
> >> Can you please share the reason for this 7 limitation in the open ldap
> >> library, or how I can fix this issue? I am looking for the header file
> >> in the source files which has this constant or limitation defined.
> >>
> >> Tried googling, but it appears that no one has encountered this issue.
> >>
> >> Some customers are running into this issue and it has become a severity
> >> 1 issue to fix.
> >>
[...]
> Hi all,
>
> Have you tried with "nss-ldapd" [1] [2], a fork from NSS LDAP Package from
> PADL Software Pty Ltd.?
Do we know what the actual problem is? Do we know it would be solved by
nss-ldapd?
There might be a simple misunderstanding here, or a simple configuration
problem, and switching software might not solve that.
Additionally, the distribution in question may have a different preferred LDAP
client.
Regards,
Buchan