any ideas?
-------- Original Message --------
Subject: Re: getent passwd doesn't show ldap user
Date: Mon, 23 Apr 2012 12:20:03 +0200
From: stefano malini <lozingalo(a)gmail.com>
To: openldap-technical(a)openldap.org
hi,
installed openldap and configured nslcd.conf and nsswitch.conf.
At the moment getent passwd doesn't show ldap user.
I create a user nslcd_proc for nslcd lookups.
this user belong to the System organizationalUnit.
You can see some checks.
FIRST SHELL
nslcd -d
nslcd: DEBUG: add_uri(ldap://localhost:389)
nslcd: version 0.7.15 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No
such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(107) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections
SECOND SHELL: getent passwd-->shows only local users
FIRST SHELL shows:
nslcd: [8b4567] DEBUG: connection from pid=2055 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi",
filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://localhost:389)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG:
ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***")
(uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object
These are the permissions of nslcd files and folder
ls -ld /etc/nslcd.conf /var/run/nslcd/ /var/run/nslcd/*
-rw-r----- 1 root nslcd 635 Apr 21 11:54 /etc/nslcd.conf
drwxr-xr-x 2 nslcd nslcd 4096 Apr 21 11:55 /var/run/nslcd/
-rw-r--r-- 1 root root 5 Apr 21 11:55 /var/run/nslcd/nslcd.pid
srw-rw-rw- 1 root root 0 Apr 21 11:55 /var/run/nslcd/socket
Opening /var/run/nslcd/socket it shows:
Error reading /var/run/nslcd/socket: No such device or address
Follow nslcd.conf and slapd.conf.
__________________________________________________________________
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost:389
# The search base that will be used for all queries.
base dc=amahoro,dc=bi
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
binddn uid=nslcd_proc,ou=System,dc=amahoro,dc=bi
bindpw *****
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
# The search scope.
#scope sub
___________________________________________________________________
slapd.conf
slapd.conf
#Basics
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel trace
modulepath /usr/lib/ldap
moduleload back_hdb
#Database Configuration
backend hdb
database hdb
suffix "dc=amahoro,dc=bi"
rootdn "cn=Manager,dc=amahoro,dc=bi"
rootpw {SSHA}zH2A+jeSlbl2/UcAXm596KPV4IB/R6x9
directory /var/lib/ldap
index objectClass,cn eq
#ACLs
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read
by self write
by * none
Please, do you have some ideas?
thanks