
RE: getent passwd inconsistent loginShell with ldapsearch



I removed ldap from nsswitch.conf. I restarted slapd and sssd.

There are still inconsistencies between getent and ldapsearch:

[root@rodster sssd]# getent passwd meathead08
meathead08:*:343108:343108:Johnny Appleseed:/home/meathead08:/bin/noshell

ldapsearch -w xxxx -D "cn=manager,dc=wh,dc=local"
homeDirectory: /home/meathead08
loginShell: /bin/bash



>-----Original Message-----
>From: openldap-technical-bounces@OpenLDAP.org 
>[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam 
>Gretton
>Sent: Tuesday, March 12, 2013 5:00 AM
>To: openldap-technical@openldap.org
>Subject: Re: getent passwd inconsistent loginShell with ldapsearch
>
>On 11/03/2013 21:26, Rodney Simioni wrote:
> > I disabled nscd. Here's my ldap.conf
> >
> > #SIZELIMIT      12
> > #TIMELIMIT      15
> > #DEREF          never
> > TLS_CACERTDIR /etc/openldap/cacerts
> > #URI ldap://127.0.0.1/
> > URI ldap://127.0.0.1/
> > BASE dc=wh,dc=local
> > port 389
>
>Wrong ldap.conf. What's in /etc/ldap.conf and are you absolutely sure that the user doesn't exist in /etc/passwd?
>
>Also what's in /etc/nsswitch.conf for the passwd entry?

On 03/12/13 09:55 -0400, Rodney Simioni wrote:
>I don't have a /etc/ldap.conf. I have a /etc/openldap/ldap.conf.
>
>I'm sure my ldap users do not exist in /etc/passwd.
>
>Nscd is disabled.
>
>/etc/nsswitch.conf has:
>
>passwd:      files sss ldap
>shadow:     files sss ldap

You have two ldap related nss modules, which might explain your inconsistency. Try removing ldap.

>my sssd.conf is:
>
>[domain/default]
>
>ldap_id_use_start_tls = False
>cache_credentials = True
>ldap_search_base = dc=wh,dc=local
>krb5_realm = EXAMPLE.COM
>krb5_server = kerberos.example.com
>id_provider = ldap
>auth_provider = ldap
>chpass_provider = ldap
>ldap_uri = ldap://127.0.0.1/
>ldap_tls_cacertdir = /etc/openldap/cacerts
>
>access_provider = ldap
>ldap_access_filter = host=localhost
>ldap_pwd_policy = shadow
>
>
>[sssd]
>services = nss, pam, ssh
>config_file_version = 2
>domains = default, local
>
>[nss]
>
>[pam]
>
>[ssh]
>
>[sudo]
>
>[autofs]

--
Dan White


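The two checks discussed in this thread can be scripted. The following is an added example, not part of any message above: it flags nsswitch.conf databases that list both sss and ldap, and compares the shell field from a getent passwd line with the loginShell value in ldapsearch output. The function names are hypothetical, and the sample input is constructed from the values quoted in the thread (the group line is made up for contrast).

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs are constructed from
# values quoted in the thread; function names are hypothetical.

# Read nsswitch.conf text on stdin; print each database whose source list
# names both "sss" and "ldap" (two LDAP-backed NSS modules for one lookup).
dup_ldap_sources() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        $1 ~ /:$/ {
            sss = ldap = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "sss")  sss = 1
                if ($i == "ldap") ldap = 1
            }
            if (sss && ldap) { sub(/:$/, "", $1); print $1 }
        }'
}

# $1: one "getent passwd" line; $2: ldapsearch output for the same entry.
# Prints both shells; returns 0 if they agree, 1 if they differ.
compare_login_shell() {
    nss_shell=$(printf '%s\n' "$1" | cut -d: -f7)
    ldap_shell=$(printf '%s\n' "$2" | awk '$1 == "loginShell:" { print $2; exit }')
    echo "nss=$nss_shell ldap=$ldap_shell"
    [ "$nss_shell" = "$ldap_shell" ]
}

# Constructed sample input, mirroring the thread.
NSSWITCH_SAMPLE='passwd:      files sss ldap
shadow:     files sss ldap
group:      files sss'
GETENT_SAMPLE='meathead08:*:343108:343108:Johnny Appleseed:/home/meathead08:/bin/noshell'
LDIF_SAMPLE='homeDirectory: /home/meathead08
loginShell: /bin/bash'

printf '%s\n' "$NSSWITCH_SAMPLE" | dup_ldap_sources
compare_login_shell "$GETENT_SAMPLE" "$LDIF_SAMPLE" || echo "loginShell differs"
```

On a live host, feed dup_ldap_sources from /etc/nsswitch.conf and pass compare_login_shell the real getent and ldapsearch output for the same user.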