On Dec 01, 2010, at 16.37, Anton Chu wrote:
I've set up an Ubuntu 10.10 LDAP client to authenticate off my LDAP server. I've installed the following:
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds
Here's my /etc/nsswitch.conf:
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
I can nss_updatedb ldap successfully:
# nss_updatedb ldap
passwd... done.
group... done.
I can getent passwd, getent passwd shadow, getent group just fine and they all show all my ldap users.
However, I cannot do an id ldapuser
ex:
$ id tony
id: tony: No such user
my recommendation would be to move away from libnss-ldap and libpam-ldap, and to use nss-pam-ldapd, available in ubuntu via the libnss-ldapd, libpam-ldapd and nslcd packages. it may not explicitly solve your problem, but it will likely make troubleshooting things easier. also, until you have a functioning, proper setup, remove things like nss-updatedb, libnss-db and nscd. once things are working, if you feel some degree of caching is needed, address that as an independent item.
-ben