nslcd listing users and groups twice
- To: openldap-technical@openldap.org
- Subject: nslcd listing users and groups twice
- From: John Lewis <oflameo2@gmail.com>
- Date: Sun, 14 Aug 2016 13:50:57 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:subject:message-id:date:user-agent:mime-version; bh=dj9KHD41J+mcQgoCd/N21CtgZZ7qxQM532nN80Q+wE8=; b=BQ00sxop7bodjmnF9vVAbiC4rkDwhsMAej7oIXOBOQ8E2Y1uUTeMA8sKJ95M6TC9pk cPFhPB+QI57+OQqAC/vnLaR+wOjp6PVvMIgeewORdRSMW3Bm3ts48OrXs854GCTBetAi bJkS/GbaTmdV2y3N1zUV99zLYvNBbDXnVAi/OFrqCUqMK1BEznEmYwnYkk4HbyLMp5m+ +yJ6AbbEGxAnpWO/0Zvkng1KcBttR3optMc8NYuoixAIZ8jtPk8UKW520o9fwTCUApm8 JQAfQlRNHA8Z/exgV9dtn8Y2thglU0aEvDqRqjluQu4jRx6vJ9Soo2uUyrbnvv6aTEYV jZ0g==
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.1.0
This is surprisingly non-trivial, especially since the NIS schema for
OpenLDAP is better documented than the Samba one I used when I ran
samba-ad-dc. I have attached the nslcd.conf.
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# NOTE(review): this file carries the bind credentials below, so it should
# not be readable by ordinary users (e.g. owner root, group nslcd, mode 0640).
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
# NOTE(review): ldap:// is unencrypted. That only stays on the loopback
# interface here; if this URI is ever pointed at another host, the bind
# password and every lookup cross the network in clear text unless ldaps://
# or "ssl start_tls" is used.
uri ldap://localhost
# The search base that will be used for all queries.
base dc=d,dc=oflameo,dc=com
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
# NOTE(review): this account should need nothing beyond read access to the
# posixAccount/posixGroup entries; "x" is presumably a redacted password.
binddn cn=ldap-connect,ou=Users,dc=d,dc=oflameo,dc=com
bindpw x
# The DN used for password modifications by root.
# (No rootpwmoddn line follows, so none is configured in this file.)
# SSL options
# NOTE(review): with "ssl" left commented out and an ldap:// URI, no TLS
# session is requested, so tls_cacertfile below presumably has no effect.
# If TLS is enabled later, leave "tls_reqcert never" commented out: it turns
# off verification of the server certificate.
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub
# Customize certain database lookups.
# NOTE(review): this "base" repeats the DN already set above. Per
# nslcd.conf(5) the option may be given several times and every listed base
# is searched, so naming the same DN twice is the likely reason each user
# and group is returned twice.
base dc=d,dc=oflameo,dc=com
filter passwd (objectClass=posixAccount)
filter group (objectClass=posixGroup)
# Attribute mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
# Each passwd line below maps an attribute to the LDAP attribute of the same
# name.
map passwd uid uid
map passwd uidNumber uidNumber
map passwd loginShell loginShell
map passwd homeDirectory homeDirectory
map passwd gecos gecos
map passwd gidNumber gidNumber
map group member member
# Bind/connect timelimit.
bind_timelimit 60
# Search timelimit.
timelimit 60
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
idle_timelimit 300