-----Original Message----- From: Dan White [mailto:dwhite@olp.net] Sent: Friday, March 08, 2013 4:49 PM To: Rodney Simioni Cc: openldap-technical@openldap.org Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here? [>>>>>>>>]check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/noshell
Presumably you are expecting to either see the password hash value, or an "x" instead of "*".
If so, you could have an ACL misconfiguration, or a problem with your ldap nss module.
But when I do a ldapsearch command I get:
# check72, people, wh.local dn: uid=check72,ou=people,dc=wh,dc=local uid: check72 cn: Johnny Appleseed objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k= shadowLastChange: 15140 shadowMax: 99999 shadowWarning: 7 uidNumber: 6072 gidNumber: 6072 homeDirectory: /home/check72 loginShell: /bin/noshell
You're seeing /bin/bash in your getent output. That must be an nss ldap problem.
Are you sure that 'check72' does not exist in /etc/passwd (or another nss plugin)? [>>>>>>>>] I'm sure it does not exist in /etc/passwd
# check72, group, wh.local dn: cn=check72,ou=group,dc=wh,dc=local objectClass: posixGroup objectClass: top cn: check72 gidNumber: 6072 userPassword:: e0NSWVBUfXg=
-- Dan White
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.