Re: getent passwd inconsistent loginShell with ldapsearch
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton
Sent: Tuesday, March 12, 2013 5:00 AM
To: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 11/03/2013 21:26, Rodney Simioni wrote:
> I disabled nscd. Here's my ldap.conf
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
> TLS_CACERTDIR /etc/openldap/cacerts
> #URI ldap://127.0.0.1/
> URI ldap://127.0.0.1/
> BASE dc=wh,dc=local
> port 389
Wrong ldap.conf. What's in /etc/ldap.conf and are you absolutely sure that the user doesn't exist in /etc/passwd?
Also what's in /etc/nsswitch.conf for the passwd entry?
On 03/12/13 09:55 -0400, Rodney Simioni wrote:
I don't have a /etc/ldap.conf. I have a /etc/openldap/ldap.conf.
I'm sure my ldap users do not exist in /etc/passwd.
Nscd is disabled.
/etc/nsswitch.conf has:
passwd: files sss ldap
shadow: files sss ldap
You have two ldap related nss modules, which might explain your
inconsistency. Try removing ldap.
my sssd.conf is:
[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=wh,dc=local
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacertdir = /etc/openldap/cacerts
access_provider = ldap
ldap_access_filter = host=localhost
ldap_pwd_policy = shadow
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = default, local
[nss]
[pam]
[ssh]
[sudo]
[autofs]
--
Dan White
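
Added example, not part of the original thread: a small Python check for the condition pointed out above, where nsswitch.conf lists both `sss` and `ldap` for a database while sssd itself is configured with an LDAP identity provider, so two NSS modules answer from the same directory. The sample file contents are constructed to mirror the configuration quoted in the thread, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample input mirroring the files quoted in the thread.
NSSWITCH = """\
passwd: files sss ldap
shadow: files sss ldap
group:  files sss
"""
SSSD_CONF = """\
[domain/default]
id_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_search_base = dc=wh,dc=local
[sssd]
services = nss, pam, ssh
domains = default, local
"""

def parse_nsswitch(text):
    """Return {database: [source, ...]} with comments and [action] items dropped."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [NOTFOUND=return]
        dbs[db.strip()] = rest.split()
    return dbs

def sssd_ldap_domains(text):
    """Names of enabled sssd domains whose id_provider is ldap."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    names = cp.get("sssd", "domains", fallback="").split(",")
    enabled = [d.strip() for d in names if d.strip()]
    # A listed domain with no [domain/<name>] section falls back to "".
    return [d for d in enabled
            if cp.get(f"domain/{d}", "id_provider", fallback="") == "ldap"]

def overlapping_ldap_sources(nsswitch_text, sssd_text):
    """Databases that list nss 'ldap' while 'sss' is also listed and LDAP-backed."""
    if not sssd_ldap_domains(sssd_text):
        return {}
    return {db: srcs for db, srcs in parse_nsswitch(nsswitch_text).items()
            if "sss" in srcs and "ldap" in srcs}

if __name__ == "__main__":
    for db, srcs in overlapping_ldap_sources(NSSWITCH, SSSD_CONF).items():
        print(f"{db}: {' '.join(srcs)}  <- both sss and ldap resolve from LDAP")
```

On a live host the two strings would be read from /etc/nsswitch.conf and the sssd configuration file instead of the embedded samples.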