On Wednesday 22 October 2008 03:26:13 Nazeeruddin Mohammad wrote:
Thanks for the reply. Here are the missing details.
>What OS / Distro ?
I am using CentOS 5.1. The nsswitch.conf is properly configured. If I change
the uri or host in /etc/ldap.conf to a standard ldap, it works fine. Only
if I refer to an ldap server which is proxy to AD server it fails.
>Add:
>debug 1
I did this and here is a sample output. It's connecting to the server
(hera2), but not getting any information. Strange!
ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_create
ldap_url_parse_ext(ldap://hera2.research.phg.com.au/)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP hera2.research.phg.com.au:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.100.237:389
ldap_connect_timeout: fd: 3 tm: 15 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 14 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 1
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 1 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 1 all 0
** ld 0x4f3b510 Connections:
* host: hera2.research.phg.com.au port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Oct 22 09:46:44 2008
** ld 0x4f3b510 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue:
Empty
ldap_chkResponseList ld 0x4f3b510 msgid 1 all 0
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select
read1msg: ld 0x4f3b510 msgid 1 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x4f3b510 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x4f3b510 0 new referrals
read1msg: mark request completed, ld 0x4f3b510 msgid 1
request done: ld 0x4f3b510 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search
put_filter: "(&(objectClass=user)(uid=nazeerm))"
put_filter: AND
put_filter_list "(objectClass=user)(uid=nazeerm)"
put_filter: "(objectClass=user)"
put_filter: simple
put_simple_filter: "objectClass=user"
put_filter: "(uid=nazeerm)"
put_filter: simple
put_simple_filter: "uid=nazeerm"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 204 bytes to sd 3
ldap_result ld 0x4f3b510 msgid 2
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
wait4msg ld 0x4f3b510 msgid 2 (timeout 15000000 usec)
wait4msg continue ld 0x4f3b510 msgid 2 all 1
** ld 0x4f3b510 Connections:
* host: hera2.research.phg.com.au port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Oct 22 09:46:44 2008
** ld 0x4f3b510 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** ld 0x4f3b510 Response Queue:
Empty
ldap_chkResponseList ld 0x4f3b510 msgid 2 all 1
ldap_chkResponseList returns ld 0x4f3b510 NULL
ldap_int_select
So, looking at the exact filter that is sent, what happens if you perform a
search as follows:
$ ldapsearch -x -H ldap://ldapserver.research.phg.com.au/ -b dc=internal,dc=phg,dc=com,dc=au "(&(objectClass=user)(uid=nazeerm))"
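As an added diagnostic example (not part of this thread or of nss_ldap), the script below reads an nss_ldap "debug 1" trace like the one above, reports which LDAP requests were answered and which stalled, and builds the ldapsearch replay command suggested above; the trace excerpt, URI and base it embeds are constructed from the values in the thread.

```python
import re
# Constructed excerpt shaped like the nss_ldap "debug 1" trace quoted above:
# the bind (msgid 1) completes with res_errno 0, the search (msgid 2) is never answered.
SAMPLE_TRACE = """\
ldap_simple_bind
ldap_result ld 0x4f3b510 msgid 1
read1msg: ld 0x4f3b510 msgid 1 message type bind
request done: ld 0x4f3b510 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_search
put_filter: "(&(objectClass=user)(uid=nazeerm))"
put_filter: "(objectClass=user)"
ldap_result ld 0x4f3b510 msgid 2
* msgid 2, origid 2, status InProgress
ldap_int_select
"""

RESULT_RE = re.compile(r"^ldap_result ld \S+ msgid (\d+)")
DONE_RE = re.compile(r"^request done: ld \S+ msgid (\d+)")
ERRNO_RE = re.compile(r"^res_errno: (\d+), res_error: <([^>]*)>")
FILTER_RE = re.compile(r'^put_filter: "(.*)"$')
def analyze_trace(text):
    """Map each msgid to its kind, filter, completion state and result code."""
    requests, pending, last_done = {}, {"kind": None, "filter": None}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("ldap_simple_bind", "ldap_sasl_bind")):
            pending = {"kind": "bind", "filter": None}
        elif line.startswith("ldap_search"):
            pending = {"kind": "search", "filter": None}
        elif (m := FILTER_RE.match(line)) and pending["filter"] is None:
            pending["filter"] = m.group(1)  # first put_filter line is the whole filter
        elif m := RESULT_RE.match(line):
            requests[int(m.group(1))] = dict(pending, completed=False, errno=None)  # on the wire
        elif m := DONE_RE.match(line):
            last_done = int(m.group(1))
            requests[last_done]["completed"] = True
        elif (m := ERRNO_RE.match(line)) and last_done in requests:
            requests[last_done]["errno"] = int(m.group(1))
    return requests

def unanswered_searches(requests):
    """msgids of searches that were sent but never got a result message."""
    return sorted(k for k, r in requests.items()
                  if r["kind"] == "search" and not r["completed"])

def ldapsearch_command(req, uri, base):
    """Build the ldapsearch line that replays a stalled search by hand."""
    return 'ldapsearch -x -H %s -b %s "%s"' % (uri, base, req["filter"])
```

Running `unanswered_searches(analyze_trace(SAMPLE_TRACE))` on the constructed trace yields `[2]`, the search that the real trace also shows stuck in `ldap_int_select`.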
-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Tuesday, 21 October 2008 5:22 PM
To: openldap-technical(a)openldap.org
Cc: Nazeeruddin Mohammad
Subject: Re: Configuring UNIX clients to retrieve user info from LDAP
On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
> Hi All,
>
> Sorry for reposting the mail. This is a long term problem for me. I am
> unable to retrieve user information from LDAP server, which is a proxy to
> AD. The normal LDAP search (see the command below) gets me the data, but
> the "getent passwd" only gets me local users from passwd file.
>
> ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
>
>
> Is there any problem with my configuration? Thank you very much.
>
>
> Here is my client configuration.
>
>
>
> --------------------------------------
>
> uri ldap://ldapserver.research.phg.com.au/
> base dc=internal,dc=phg,dc=com,dc=au
> scope sub
> bind_timelimit 15
> timelimit 15
> ssl no
> referrals no
> nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
> nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup group
>
> nss_map_attribute gecos cn
> nss_map_attribute homeDirectory unixHomeDirectory
> nss_map_attribute uniqueMember member
> nss_initgroups_ignoreusers root,ldap
>
> pam_filter objectClass=posixAccount
> pam_login_attribute uid
> pam_lookup_policy no