On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
Hi All,
Sorry for reposting the mail. This is a long-term problem for me. I am unable to retrieve user information from the LDAP server, which is a proxy to AD. The normal LDAP search (see the command below) gets me the data, but "getent passwd" only gets me local users from the passwd file.
ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
Is there any problem with my configuration? Thank you very much.
Here is my client configuration.
What OS / Distro ?
Did you make any changes to /etc/nsswitch.conf ?
uri ldap://ldapserver.research.phg.com.au/
base dc=internal,dc=phg,dc=com,dc=au
scope sub
bind_timelimit 15
timelimit 15
ssl no
referrals no
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)

nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group

nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap

pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_lookup_policy no
Add: debug 1
to this file, then, having ensured that nscd is not running, run 'getent passwd ldapuser', and you should see quite a bit of debugging output, e.g.:
# getent passwd bgmilne
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP tiger.ranger.dnsalias.com:389
[...]
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt (x}{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
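
Added example, not part of the original thread: a small script that checks the points raised in the reply (ldap listed in nsswitch.conf, debug enabled, nscd stopped) before running getent, and also reports the "ssl no" setting from the posted configuration. The function names are hypothetical, the sample nsswitch.conf is constructed, and the sample ldap.conf lines are taken from the post.

```shell
#!/bin/sh
# Added example: checks to run before the 'debug 1' + getent test described above.
# File paths are arguments, so the functions also work on copies of the files.

# nss_uses_ldap FILE DB: succeeds if "ldap" is a source for DB in nsswitch.conf
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }      # drop comments, split "db:src"
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "$1"
}

# ldap_conf_get FILE KEY: print the value of the first "KEY value" directive
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

nscd_running() { pgrep -x nscd >/dev/null 2>&1; }

# preflight NSSWITCH LDAPCONF: print findings, return 1 if a check fails
preflight() {
    rc=0
    for db in passwd group; do
        nss_uses_ldap "$1" "$db" || { echo "nsswitch.conf: $db does not list ldap"; rc=1; }
    done
    [ "$(ldap_conf_get "$2" debug)" -gt 0 ] 2>/dev/null ||
        { echo "ldap.conf: debug is not enabled"; rc=1; }
    [ "$(ldap_conf_get "$2" ssl)" = "no" ] &&
        echo "ldap.conf: ssl no, so lookups travel unencrypted"
    nscd_running && { echo "nscd is running; stop it before testing"; rc=1; }
    return $rc
}

# Constructed sample files (ldap.conf values taken from the post above)
d=$(mktemp -d)
printf 'passwd: files\ngroup:  files ldap\n' > "$d/nsswitch.conf"
printf 'uri ldap://ldapserver.research.phg.com.au/\nssl no\n' > "$d/ldap.conf"
preflight "$d/nsswitch.conf" "$d/ldap.conf" || echo "fix the items above, then run getent"
```

On a real client, pass the system's own nsswitch.conf and the ldap.conf that nss_ldap reads; their locations vary by distribution.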