[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: getent passwd inconsistent loginShell with ldapsearch

To: <openldap-technical@openldap.org>
Subject: RE: getent passwd inconsistent loginShell with ldapsearch
From: "Rodney Simioni" <rodney.simioni@verio.net>
Date: Fri, 8 Mar 2013 17:06:55 -0500
Content-class: urn:content-classes:message
Importance: normal
In-reply-to: <20130308214919.GJ5281@dan.olp.net>
References: <0971982CF6B9AB418FFD5FEF7F50CB9F05CB31A5@IAD-WPRD-XCHB03.corp.verio.net> <20130308214919.GJ5281@dan.olp.net>
Thread-index: Ac4cRseQlswaC8MNQC+DzkPh+/eacwAAjEWA
Thread-topic: getent passwd inconsistent loginShell with ldapsearch

-----Original Message-----
From: Dan White [mailto:dwhite@olp.net] 
Sent: Friday, March 08, 2013 4:49 PM
To: Rodney Simioni
Cc: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch

On 03/08/13 16:14 -0500, Rodney Simioni wrote:
>When I do a 'getent check72 passwd' I get:
>
>check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash

What do you expect to see here?
[>>>>>>>>]check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/noshell

Presumably you are expecting to either see the password hash value, or an "x" instead of "*".

If so, you could have an ACL misconfiguration, or a problem with your ldap nss module.

>But when I do a ldapsearch command I get:
>
># check72, people, wh.local
>dn: uid=check72,ou=people,dc=wh,dc=local
>uid: check72
>cn: Johnny Appleseed
>objectClass: account
>objectClass: posixAccount
>objectClass: top
>objectClass: shadowAccount
>userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
>shadowLastChange: 15140
>shadowMax: 99999
>shadowWarning: 7
>uidNumber: 6072
>gidNumber: 6072
>homeDirectory: /home/check72
>loginShell: /bin/noshell

You're seeing /bin/bash in your getent output. That must be an nss ldap problem.

Are you sure that 'check72' does not exist in /etc/passwd (or another nss plugin)?
[>>>>>>>>] I'm sure it does not exist in /etc/passwd

># check72, group, wh.local
>dn: cn=check72,ou=group,dc=wh,dc=local
>objectClass: posixGroup
>objectClass: top
>cn: check72
>gidNumber: 6072
>userPassword:: e0NSWVBUfXg=

--
Dan White

This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free.  Thank you.

Follow-Ups:
- Re: getent passwd inconsistent loginShell with ldapsearch
  - From: Dan White <dwhite@olp.net>

References:
- getent passwd inconsistent loginShell with ldapsearch
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- Re: getent passwd inconsistent loginShell with ldapsearch
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: getent passwd inconsistent loginShell with ldapsearch
Next by Date: Re: shadowLastChange missing after update
Index(es):
- Chronological
- Thread