-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton
Sent: Tuesday, March 12, 2013 5:00 AM
To: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 11/03/2013 21:26, Rodney Simioni wrote:
I disabled nscd. Here's my ldap.conf
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
#URI ldap://127.0.0.1/
URI ldap://127.0.0.1/
BASE dc=wh,dc=local
port 389
Wrong ldap.conf. What's in /etc/ldap.conf and are you absolutely sure that the user doesn't exist in /etc/passwd?
Also what's in /etc/nsswitch.conf for the passwd entry?
On 03/12/13 09:55 -0400, Rodney Simioni wrote:
I don't have a /etc/ldap.conf. I have a /etc/openldap/ldap.conf.
I'm sure my ldap users do not exist in /etc/passwd.
Nscd is disabled.
/etc/nsswitch.conf has:
passwd: files sss ldap
shadow: files sss ldap
You have two ldap related nss modules, which might explain your inconsistency. Try removing ldap.
my sssd.conf is:
[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=wh,dc=local
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacertdir = /etc/openldap/cacerts
access_provider = ldap
ldap_access_filter = host=localhost
ldap_pwd_policy = shadow
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = default, local
[nss]
[pam]
[ssh]
[sudo]
[autofs]
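
Added example, not part of the original thread: a small shell check for the overlap pointed out in the reply above, where one nsswitch.conf database lists both the sss and ldap sources. The function name nss_dual_ldap and the sample file are constructed for illustration; only the passwd and shadow lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: report nsswitch.conf databases that list both "sss" and
# "ldap" as sources, so two LDAP-backed NSS modules answer the same lookup.

# nss_dual_ldap FILE
# Prints one normalized line per database that lists both sources.
# Returns 0 if at least one such database was found, 1 otherwise.
nss_dual_ldap() {
    awk '
        {
            sub(/#.*/, "")            # strip comments
            gsub(/\[[^]]*\]/, " ")    # drop action items like [NOTFOUND=return]
            sub(/:/, ": ")            # tolerate "passwd:files" without a space
        }
        $1 ~ /^[a-z_]+:$/ {
            sss = 0; ldap = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "sss")  sss = 1
                if ($i == "ldap") ldap = 1
            }
            if (sss && ldap) {
                $1 = $1               # rebuild the line with single spaces
                print
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample input. The passwd and shadow lines match the thread;
# the remaining lines are invented for contrast.
sample_nsswitch() {
    cat <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss
hosts:      files dns   # ldap mentioned only in a comment
netgroup:   sss [NOTFOUND=return] ldap
EOF
}

# Stand-alone use: sh check.sh /etc/nsswitch.conf
if [ -n "${1:-}" ]; then
    nss_dual_ldap "$1"
fi
```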