Re: getent passwd inconsistent loginShell with ldapsearch

[Dan White <dwhite@olp.net>]

On 03/08/13 16:14 -0500, Rodney Simioni wrote:
> When I do a 'getent check72 passwd' I get:
>
> check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash

What do you expect to see here?

Presumably you are expecting to either see the password hash value, or an
"x" instead of "*".

If so, you could have an ACL misconfiguration, or a problem with your ldap
nss module.

> But when I do a ldapsearch command I get:
>
> # check72, people, wh.local
> dn: uid=check72,ou=people,dc=wh,dc=local
> uid: check72
> cn: Johnny Appleseed
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
> shadowLastChange: 15140
> shadowMax: 99999
> shadowWarning: 7
> uidNumber: 6072
> gidNumber: 6072
> homeDirectory: /home/check72
> loginShell: /bin/noshell

You're seeing /bin/bash in your getent output. That must be an nss ldap
problem.

Are you sure that 'check72' does not exist in /etc/passwd (or another nss
plugin)?

> # check72, group, wh.local
> dn: cn=check72,ou=group,dc=wh,dc=local
> objectClass: posixGroup
> objectClass: top
> cn: check72
> gidNumber: 6072
> userPassword:: e0NSWVBUfXg=


--
Dan White