On Wednesday 22 October 2008 03:26:13 Nazeeruddin Mohammad wrote:
Thanks for the reply. Here are the missing details.
What OS / Distro ?
I am using CentOS 5.1. The nsswitch.conf is properly configured. If I change the uri or host in /etc/ldap.conf to a standard LDAP server, it works fine. It fails only if I refer to an LDAP server which is a proxy to an AD server.
Add: debug 1
I did this and here is a sample output. It's connecting to the server (hera2), but not getting any information. Strange!
ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP hera2.research.phg.com.au:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.100.237:389
ldap_connect_timeout: fd: 3 tm: 15 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 14 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 1
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 1 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 1 all 0
** ld 0x4f3b510 Connections:
- host: hera2.research.phg.com.au port: 389 (default) refcnt: 2 status: Connected last used: Wed Oct 22 09:46:44 2008
** ld 0x4f3b510 Outstanding Requests:
- msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue: Empty
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select
read1msg: ld 0x4f3b510 msgid 1 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x4f3b510 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x4f3b510 0 new referrals
read1msg: mark request completed, ld 0x4f3b510 msgid 1
request done: ld 0x4f3b510 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search
put_filter: "(&(objectClass=user)(uid=nazeerm))"
put_filter: AND
put_filter_list "(objectClass=user)(uid=nazeerm)"
put_filter: "(objectClass=user)"
put_filter: simple
put_simple_filter: "objectClass=user"
put_filter: "(uid=nazeerm)"
put_filter: simple
put_simple_filter: "uid=nazeerm"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 204 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 2
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 2 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 2 all 1
** ld 0x4f3b510 Connections:
- host: hera2.research.phg.com.au port: 389 (default) refcnt: 2 status: Connected last used: Wed Oct 22 09:46:44 2008
** ld 0x4f3b510 Outstanding Requests:
- msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue: Empty
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select
So, looking at the exact filter that is sent, what happens if you perform a search as follows:
$ ldapsearch -x -H ldap://ldapserver.research.phg.com.au/ -b dc=internal,dc=phg,dc=com,dc=au "(&(objectClass=user)(uid=nazeerm))"
-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Tuesday, 21 October 2008 5:22 PM
To: openldap-technical@openldap.org
Cc: Nazeeruddin Mohammad
Subject: Re: Configuring UNIX clients to retrieve user info from LDAP
On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
Hi All,
Sorry for reposting the mail. This is a long term problem for me. I am unable to retrieve user information from LDAP server, which is a proxy to AD. The normal LDAP search (see the command below) gets me the data, but the "getent passwd" only gets me local users from passwd file.
ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
Is there any problem with my configuration? Thank you very much.
Here is my client configuration.
uri ldap://ldapserver.research.phg.com.au/
base dc=internal,dc=phg,dc=com,dc=au
scope sub
bind_timelimit 15
timelimit 15
ssl no
referrals no
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_lookup_policy no
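As an added example (not code from this thread or from nss_ldap), the Python below rebuilds the passwd lookup that the nss_base_passwd and nss_map_* directives above turn into the filter seen in the debug trace, and emits the equivalent ldapsearch command so the query can be replayed by hand, which is the check Buchan suggests. The posixAccount attribute list, the way a third `?filter` part of nss_base_* is ANDed in, and all function names are assumptions; the config excerpt is constructed from the one posted.

```python
# Constructed excerpt of the client config quoted in the thread (not the full file).
LDAP_CONF = """
uri ldap://ldapserver.research.phg.com.au/
base dc=internal,dc=phg,dc=com,dc=au
scope sub
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_map_objectclass posixAccount user
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
"""
# posixAccount attributes a passwd entry is built from (assumed list, mapped below).
PASSWD_ATTRS = ["uid", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell"]

def parse_ldap_conf(text):
    """Plain directives keyed by name, plus the objectclass and attribute maps."""
    conf = {"map_objectclass": {}, "map_attribute": {}}
    for raw in text.splitlines():
        line = raw.strip().replace("\t", " ")
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key in ("nss_map_objectclass", "nss_map_attribute"):
            src, dst = value.split()            # e.g. "posixAccount user"
            conf["map_" + key[len("nss_map_"):]][src] = dst
        else:
            conf[key] = value.strip()
    return conf

def ldap_filter_escape(value):
    """RFC 4515 escaping, so a looked-up name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def passwd_lookup(conf, username):
    """Base, scope, filter and attributes of the getpwnam() search nss_ldap would send."""
    base, _, rest = conf.get("nss_base_passwd", conf["base"]).partition("?")
    scope, _, extra = rest.partition("?")    # nss_base_passwd is base?scope?filter
    oc = conf["map_objectclass"].get("posixAccount", "posixAccount")
    attr = conf["map_attribute"]
    filt = "(&(objectClass=%s)(%s=%s))" % (oc, attr.get("uid", "uid"), ldap_filter_escape(username))
    if extra:  # ANDing the extra filter in this way is an assumption, not taken from nss_ldap
        filt = "(&(%s)%s)" % (extra, filt)
    return {"base": base or conf["base"], "scope": scope or conf.get("scope", "sub"),
            "filter": filt, "attrs": [attr.get(a, a) for a in PASSWD_ATTRS]}

def ldapsearch_argv(conf, lookup):
    """The same query as an ldapsearch command line, so it can be replayed by hand."""
    return ["ldapsearch", "-x", "-LLL", "-H", conf["uri"].split()[0], "-b", lookup["base"],
            "-s", lookup["scope"], lookup["filter"]] + lookup["attrs"]
```

For the posted config and user nazeerm the filter comes out as (&(objectClass=user)(uid=nazeerm)), exactly what the debug trace shows being sent, and the requested attributes include unixHomeDirectory rather than homeDirectory, which is what the proxy must be able to return.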