Hi,
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
# search result
search: 2
result: 0 Success
I have restarted slapd and nscd, any clue? Thanks in advance.
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here?
Presumably you are expecting to either see the password hash value, or an "x" instead of "*".
If so, you could have an ACL misconfiguration, or a problem with your ldap nss module.
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
You're seeing /bin/bash in your getent output. That must be an nss ldap problem.
Are you sure that 'check72' does not exist in /etc/passwd (or another nss plugin)?
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Friday, March 08, 2013 4:49 PM
To: Rodney Simioni
Cc: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here?
[>>>>>>>>] check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/noshell
Presumably you are expecting to either see the password hash value, or an "x" instead of "*".
If so, you could have an ACL misconfiguration, or a problem with your ldap nss module.
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
You're seeing /bin/bash in your getent output. That must be an nss ldap problem.
Are you sure that 'check72' does not exist in /etc/passwd (or another nss plugin)?
[>>>>>>>>] I'm sure it does not exist in /etc/passwd
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
-- Dan White
On 03/08/13 17:06 -0500, Rodney Simioni wrote:
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Friday, March 08, 2013 4:49 PM
To: Rodney Simioni
Cc: openldap-technical@openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here?
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/noshell
Consult the documentation or mailing list of your nss ldap module.
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
Are you sure that 'check72' does not exist in /etc/passwd (or another nss plugin)?
I'm sure it does not exist in /etc/passwd
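The comparison discussed in this thread can be scripted; the following is an added example, not part of any message above. It checks the shell NSS reports (the one the host actually uses) against `loginShell` in the directory and notes whether the user also exists in a local passwd file. The function names and verdict strings are hypothetical, and the sample input is trimmed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: does the shell NSS reports match loginShell in the directory?
# Function names are hypothetical; sample data is trimmed from the thread.

# Print loginShell for uid=$1 from ldapsearch LDIF on stdin, e.g. from
#   ldapsearch -x -LLL -b dc=wh,dc=local uid=check72 uid loginShell
ldif_shell() {
  awk -v want="$1" '
    function emit() { if (uid == want && shell != "") print shell }
    /^dn: /         { emit(); uid = ""; shell = "" }   # a new entry starts
    /^uid: /        { uid = substr($0, 6) }
    /^loginShell: / { shell = substr($0, 13) }
    END             { emit() }'
}

# check_shell USER GETENT_LINE [PASSWD_FILE]   (LDIF on stdin)
# GETENT_LINE is one passwd-format line as printed by getent.
check_shell() {
  nss=$(printf '%s\n' "$2" | cut -d: -f7)      # field 7 is the login shell
  ldap=$(ldif_shell "$1")
  if [ -z "$ldap" ]; then
    echo "no-ldap-entry"
  elif [ "$nss" = "$ldap" ]; then
    echo "match"
  elif awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "${3:-/etc/passwd}"; then
    echo "also-in-local-passwd"                # a local entry may be answering
  else
    echo "mismatch nss=$nss ldap=$ldap"        # look at the NSS LDAP module
  fi
}

# Sample input (user and group entries from the thread, attributes trimmed).
sample_ldif() {
  cat <<'EOF'
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
uidNumber: 6072
loginShell: /bin/noshell
dn: cn=check72,ou=group,dc=wh,dc=local
cn: check72
gidNumber: 6072
EOF
}

GETENT_LINE='check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash'
# /dev/null stands in for a passwd file that does not contain the user.
sample_ldif | check_shell check72 "$GETENT_LINE" /dev/null
```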