Re: Configuring UNIX clients to retrieve user info from LDAP

Thanks for the reply. Here are the messing details. >What OS / Distro ? I am using CentOS 5.1. The nsswitch.conf is properly configured. If change the uri or host in /etc/ldap.conf to a standard ldap, it works fine. Only if I refer to an ldap server which is proxy to AD server it fails. >Add: >debug 1 I did this and here is a sample output. It's connecting to the server (hera2), but not getting any information. Strange! ldap_create ldap_url_parse_ext(ldap://hera2.research.phg.com.au/) ldap_create ldap_url_parse_ext(ldap://hera2.research.phg.com.au/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP hera2.research.phg.com.au:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 192.168.100.237:389 ldap_connect_timeout: fd: 3 tm: 15 async: 0 ldap_ndelay_on: 3 ldap_is_sock_ready: 3 ldap_ndelay_off: 3 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush: 14 bytes to sd 3 ldap_result ld 0x4f3b510 msgid 1 ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0 ldap_chkResponseList returns ld 0x4f3b510 NULL wait4msg ld 0x4f3b510 msgid 1 (timeout 15000000 usec) wait4msg continue ld 0x4f3b510 msgid 1 all 0 ** ld 0x4f3b510 Connections: * host: hera2.research.phg.com.au port: 389 (default) refcnt: 2 status: Connected last used: Wed Oct 22 09:46:44 2008 ** ld 0x4f3b510 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** ld 0x4f3b510 Response Queue: Empty ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0 ldap_chkResponseList returns ld 0x4f3b510 NULL ldap_int_select read1msg: ld 0x4f3b510 msgid 1 all 0 ber_get_next ber_get_next: tag 0x30 len 12 contents: read1msg: ld 0x4f3b510 msgid 1 message type bind ber_scanf fmt ({eaa) ber: read1msg: ld 0x4f3b510 0 new referrals read1msg: mark request completed, ld 0x4f3b510 msgid 1 request done: ld 0x4f3b510 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_free_connection 0 1 ldap_free_connection: refcnt 1 ldap_parse_result ber_scanf fmt ({iaa) ber: ber_scanf fmt (}) ber: ldap_msgfree ldap_search put_filter: "(&(objectClass=user)(uid=nazeerm))" put_filter: AND put_filter_list "(objectClass=user)(uid=nazeerm)" put_filter: "(objectClass=user)" put_filter: simple put_simple_filter: "objectClass=user" put_filter: "(uid=nazeerm)" put_filter: simple put_simple_filter: "uid=nazeerm" ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({) ber: ber_flush: 204 bytes to sd 3 ldap_result ld 0x4f3b510 msgid 2 ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1 ldap_chkResponseList returns ld 0x4f3b510 NULL wait4msg ld 0x4f3b510 msgid 2 (timeout 15000000 usec) wait4msg continue ld 0x4f3b510 msgid 2 all 1 ** ld 0x4f3b510 Connections: * host: hera2.research.phg.com.au port: 389 (default) refcnt: 2 status: Connected last used: Wed Oct 22 09:46:44 2008 ** ld 0x4f3b510 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ** ld 0x4f3b510 Response Queue: Empty ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1 ldap_chkResponseList returns ld 0x4f3b510 NULL ldap_int_select

-----Original Message----- From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net] Sent: Tuesday, 21 October 2008 5:22 PM To: openldap-technical(a)openldap.org Cc: Nazeeruddin Mohammad Subject: Re: Configuring UNIX clients to retrieve user info from LDAP On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote: > Hi All, > > Sorry for reposting the mail. This is a long term problem for me. I am > unable to retrieve user information from LDAP server, which is a proxy to > AD. The normal LDAP search (see the command below) gets me the data, but > the "getent passwd" only gets me local users from passwd file. > > ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au > '(uid=nazeerm)' > > > Is there any problem with my configuration? Thank you very much. > > > Here is my client configuration. > > > > -------------------------------------- > > uri ldap://ldapserver.research.phg.com.au/ > base dc=internal,dc=phg,dc=com,dc=au > scope sub > bind_timelimit 15 > timelimit 15 > ssl no > referrals no > nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub > nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub > nss_base_group > dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*) > > nss_map_objectclass posixAccount user > nss_map_objectclass shadowAccount user > nss_map_objectclass posixGroup group > > nss_map_attribute gecos cn > nss_map_attribute homeDirectory unixHomeDirectory > nss_map_attribute uniqueMember member > nss_initgroups_ignoreusers root,ldap > > pam_filter objectClass=posixAccount > pam_login_attribute uid > pam_lookup_policy no