1:14 p.m.
Hi,
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
# search result
search: 2
result: 0 Success
I have rstarted slapd and nscd, any clue? Thanks in advance.
This email message is intended for the use of the person to whom it has been sent, and may
contain information that is confidential or legally protected. If you are not the intended
recipient or have received this message in error, you are not authorized to copy,
distribute, or otherwise use this message or its attachments. Please notify the sender
immediately by return e-mail and permanently delete this message and any attachments.
Verio Inc. makes no warranty that this email is error or virus free. Thank you.
1:49 p.m.
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here?
Presumably you are expecting to either see the password hash value, or an
"x" instead of "*".
If so, you could have an ACL misconfiguration, or a problem with your ldap
nss module.
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
You're seeing /bin/bash in your getent output. That must be an nss ldap
problem.
Are you sure that 'check72' does not exist in /etc/passwd (or another nss
plugin)?
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
--
Dan White
2:06 p.m.
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Friday, March 08, 2013 4:49 PM
To: Rodney Simioni
Cc: openldap-technical(a)openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
On 03/08/13 16:14 -0500, Rodney Simioni wrote:
When I do a 'getent check72 passwd' I get:
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
What do you expect to see here?
[>>>>>>>>]check72:*:6072:6072:Johnny
Appleseed:/home/check72:/bin/noshell
Presumably you are expecting to either see the password hash value, or an "x"
instead of "*".
If so, you could have an ACL misconfiguration, or a problem with your ldap nss module.
But when I do a ldapsearch command I get:
# check72, people, wh.local
dn: uid=check72,ou=people,dc=wh,dc=local
uid: check72
cn: Johnny Appleseed
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
shadowLastChange: 15140
shadowMax: 99999
shadowWarning: 7
uidNumber: 6072
gidNumber: 6072
homeDirectory: /home/check72
loginShell: /bin/noshell
You're seeing /bin/bash in your getent output. That must be an nss ldap problem.
Are you sure that 'check72' does not exist in /etc/passwd (or another nss
plugin)?
[>>>>>>>>] I'm sure it does not exist in /etc/passwd
# check72, group, wh.local
dn: cn=check72,ou=group,dc=wh,dc=local
objectClass: posixGroup
objectClass: top
cn: check72
gidNumber: 6072
userPassword:: e0NSWVBUfXg=
--
Dan White
This email message is intended for the use of the person to whom it has been sent, and may
contain information that is confidential or legally protected. If you are not the intended
recipient or have received this message in error, you are not authorized to copy,
distribute, or otherwise use this message or its attachments. Please notify the sender
immediately by return e-mail and permanently delete this message and any attachments.
Verio Inc. makes no warranty that this email is error or virus free. Thank you.
2:41 p.m.
On 03/08/13 17:06 -0500, Rodney Simioni wrote:
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Friday, March 08, 2013 4:49 PM
To: Rodney Simioni
Cc: openldap-technical(a)openldap.org
Subject: Re: getent passwd inconsistent loginShell with ldapsearch
>On 03/08/13 16:14 -0500, Rodney Simioni wrote:
>>When I do a 'getent check72 passwd' I get:
>>
>>check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/bash
>
>What do you expect to see here?
check72:*:6072:6072:Johnny Appleseed:/home/check72:/bin/noshell
Consult the documentation or mailing list of your nss ldap module.
>>But when I do a ldapsearch command I get:
>>
>># check72, people, wh.local
>>dn: uid=check72,ou=people,dc=wh,dc=local
>>uid: check72
>>cn: Johnny Appleseed
>>objectClass: account
>>objectClass: posixAccount
>>objectClass: top
>>objectClass: shadowAccount
>>userPassword:: e1NTSEF9OWVHdTdPVHIwVE15ajNQNEphdG9GR1cwZnQxa2Ftb3k=
>>shadowLastChange: 15140
>>shadowMax: 99999
>>shadowWarning: 7
>>uidNumber: 6072
>>gidNumber: 6072
>>homeDirectory: /home/check72
>>loginShell: /bin/noshell
>Are you sure that 'check72' does not exist in /etc/passwd
(or another nss plugin)?
I'm sure it does not exist in /etc/passwd
--
Dan White
3853
days inactive
3853
days old
openldap-technical@openldap.org
3 comments
2 participants
participants (2)
-
Dan White -
Rodney Simioni