Hi
I get this when searching the jbosstest user defined on the ldap server
conn=896 fd=41 ACCEPT from IP=127.0.0.1:47131 (IP=0.0.0.0:389)
conn=896 op=0 BIND dn="" method=128
conn=896 op=0 RESULT tag=97 err=0 text=
# extended LDIF
#
# LDAPv3
# base <ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: (memberUID=jbosstest)
# requesting: ALL
#

conn=896 op=1 SRCH base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" scope=2 deref=0 filter="(memberUid=jbosstest)"
conn=896 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
# search result
search: 2
result: 0 Success

# numResponses: 1
vmlx-ldapauth-test:/etc/openldap # conn=896 op=2 UNBIND
conn=896 fd=41 closed ()
And I get this when I search the group mysql defined on the ldap server too:
vmlx-ldapauth-test:/home/okossuth # ldapsearch -x -D 'cn=admin,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' -W -b 'ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' cn=mysql
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: cn=mysql
# requesting: ALL
#

# mysql, Grupos, Teleinformatica, vmlx-ldapauth-test.in.iantel.com.uy
dn: cn=mysql,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: mysql
objectClass: posixGroup
objectClass: namedObject
objectClass: top
description: gdodera
gidNumber: 4620
memberUid: gdodera
memberUid: jbosstest

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
thanks for your help!
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk]
Sent: Wednesday, December 17, 2008 3:50 PM
To: Kossuth Espinosa, Oskar
CC: claus.kick@siemens.com; openldap-technical@openldap.org
Subject: Re: Unix id command and Openldap
On Wed, Dec 17, 2008 at 03:40:54PM -0200, okossuth@antel.com.uy wrote:
I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.
OK - from a quick scan of those I would expect a group lookup to be roughly equivalent to this search:
ldapsearch -x -b \
    "ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" \
    '(memberUID=XXX)'
where XXX is the username of a user that appears in some group.
What do you get if you try that search? Could you post a typical entry from the ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy area?
It would still be useful to post the log output when running slapd with loglevel 768 (stats + stats2)
Andrew