On Tuesday 21 October 2008 00:48:20 Nazeeruddin Mohammad wrote:
Hi All,
Sorry for reposting the mail. This is a long term problem for me. I am
unable to retrieve user information from LDAP server, which is a proxy to
AD. The normal LDAP search (see the command below) gets me the data, but
the "getent passwd" only gets me local users from passwd file.
ldapsearch -x -h ldapserver -LLL -b dc=internal,dc=phg,dc=com,dc=au '(uid=nazeerm)'
Is there any problem with my configuration? Thank you very much.
Here is my client configuration.
What OS / Distro ?
Did you make any changes to /etc/nsswitch.conf ?
--------------------------------------
uri ldap://ldapserver.research.phg.com.au/
base dc=internal,dc=phg,dc=com,dc=au
scope sub
bind_timelimit 15
timelimit 15
ssl no
referrals no
nss_base_passwd dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_shadow dc=internal,dc=phg,dc=com,dc=au?sub
nss_base_group dc=internal,dc=phg,dc=com,dc=au?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_lookup_policy no
Add:
debug 1
to this file, then, having ensured that nscd is not running, run 'getent
passwd ldapuser', and you should see quite a bit of debugging output, e.g.:
# getent passwd bgmilne
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_create
ldap_url_parse_ext(ldap://tiger.ranger.dnsalias.com)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP tiger.ranger.dnsalias.com:389
[...]
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt (x}{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
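
The reply's question about /etc/nsswitch.conf can be checked mechanically. The script below is an added example, not part of the original thread: the helper name nss_missing_ldap and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list NSS databases whose nsswitch.conf entry lacks "ldap".
# nss_missing_ldap is a hypothetical helper name, not part of nss_ldap.
# Usage: nss_missing_ldap FILE [database ...]   (default: passwd shadow group)
nss_missing_ldap() {
    file=$1; shift
    [ $# -gt 0 ] || set -- passwd shadow group
    for db in "$@"; do
        awk -v db="$db" '
            # Drop comments, then make sure "db:source" splits into two fields.
            { sub(/#.*/, ""); sub(/:/, ": ") }
            $1 == db ":" {
                # Action specs such as [NOTFOUND=continue] are simply skipped.
                for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$file" || printf '%s\n' "$db"
    done
}

# Constructed sample that reproduces the symptom in the thread:
# passwd has no ldap source, so getent passwd returns local users only.
write_sample_nsswitch() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
passwd:     files
shadow:     files ldap
group:files [NOTFOUND=continue] ldap   # inline comment
hosts:      files dns
EOF
}

sample=$(mktemp)
write_sample_nsswitch "$sample"
nss_missing_ldap "$sample"      # prints the databases that never consult LDAP
rm -f "$sample"
```

On a client, point the function at /etc/nsswitch.conf; any database it prints is resolved without LDAP regardless of what the ldap.conf above contains.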