It's a strange problem: I set up the LDAP settings and can get the correct ldapsearch result on the mgmt node, but when I "su" to the user, the system reports "the user is not existed".
It seems the LDAP service (slapd) is running but user authentication still goes through /etc/passwd. How do I move user authentication to LDAP only?
I have also changed /etc/nsswitch.conf to use ldap.

[root@xcat user]# ldapsearch -x -v -D "cn=root,dc=isilon,dc=cn" -W -b "ou=People,dc=isilon,dc=cn" "uid=demo"
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: uid=demo
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=isilon,dc=cn> with scope subtree
# filter: uid=demo
# requesting: ALL
#

# demo, People, isilon.cn
dn: uid=demo,ou=People,dc=isilon,dc=cn
uid: demo
cn: demo
sn: demo
mail: demo@isilon.cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JHkuMjUwS3hlJE9VZ3BidXJDdlg0UFk2NVFSSXBKNjhtNnpxYVp
 OVHdZYnBpZkdJVUJuQk1ZZnlVdmtEMHNwMTZLUmtaQmhoT0xrQ1NZdEhUU2NEUDRhTmhGUnJNSWIv
shadowLastChange: 15334
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 500
homeDirectory: /ifs/home/demo

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[root@xcat user]# su - demo
su: user demo is not existed

On 11-12-28 6:49 PM, 杨峰 wrote:
> It's a strange problem: I set up the LDAP settings and can get the correct ldapsearch result on the mgmt node, but when I "su" to the user, the system reports "the user is not existed".
> It seems the LDAP service (slapd) is running but user authentication still goes through /etc/passwd. How do I move user authentication to LDAP only?
> I have also changed /etc/nsswitch.conf to use ldap.
>
> [root@xcat user]# ldapsearch -x -v -D "cn=root,dc=isilon,dc=cn" -W -b "ou=People,dc=isilon,dc=cn" "uid=demo"
> ldap_initialize( <DEFAULT> )
> Enter LDAP Password:
> filter: uid=demo
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <ou=People,dc=isilon,dc=cn> with scope subtree
> # filter: uid=demo
> # requesting: ALL
> #
>
> # demo, People, isilon.cn
> dn: uid=demo,ou=People,dc=isilon,dc=cn
> uid: demo
> cn: demo
> sn: demo
> mail: demo@isilon.cn
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword:: e2NyeXB0fSQ2JHkuMjUwS3hlJE9VZ3BidXJDdlg0UFk2NVFSSXBKNjhtNnpxYVp
>  OVHdZYnBpZkdJVUJuQk1ZZnlVdmtEMHNwMTZLUmtaQmhoT0xrQ1NZdEhUU2NEUDRhTmhGUnJNSWIv
> shadowLastChange: 15334
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 501
> gidNumber: 500
> homeDirectory: /ifs/home/demo
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> [root@xcat user]# su - demo
> su: user demo is not existed

Have you configured /etc/ldap.conf to your LDAP structure?
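
The two settings this thread turns on, /etc/nsswitch.conf and /etc/ldap.conf, can be checked together with a script like the one below. It is an added example, not part of either message; it assumes the nss_ldap file format with `uri`/`host` and `base` keywords, and the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# check_nss_ldap NSSWITCH_FILE LDAP_CONF_FILE ENTRY_DN   (hypothetical helper)
# Prints one finding per problem; returns 0 only when none was found.
check_nss_ldap() {
    nss_file=$1; ldap_file=$2; entry_dn=$3; rc=0

    # 1. su resolves users through NSS, so passwd/shadow/group must list "ldap".
    for db in passwd shadow group; do
        sources=$(awk -v db="$db:" '$1 == db { sub(/#.*/, ""); $1 = ""; print }' "$nss_file")
        case " $sources " in
            *" ldap "*) ;;
            *) echo "nsswitch: $db does not list ldap (found:${sources:- nothing})"; rc=1 ;;
        esac
    done

    # 2. The NSS LDAP module reads its own server and search base (assumed keywords).
    if [ ! -r "$ldap_file" ]; then
        echo "ldap.conf: $ldap_file is missing or unreadable"; return 1
    fi
    server=$(awk 'tolower($1) == "uri" || tolower($1) == "host" { print $2; exit }' "$ldap_file")
    base=$(awk 'tolower($1) == "base" { print $2; exit }' "$ldap_file")
    [ -n "$server" ] || { echo "ldap.conf: no uri or host line"; rc=1; }
    [ -n "$base" ] || { echo "ldap.conf: no base line"; rc=1; }

    # 3. The entry ldapsearch returned must sit under that base (case-insensitive).
    if [ -n "$base" ]; then
        dn_lc=$(printf '%s' "$entry_dn" | tr '[:upper:]' '[:lower:]')
        base_lc=$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')
        case "$dn_lc" in
            "$base_lc"|*",$base_lc") ;;
            *) echo "ldap.conf: base $base does not contain $entry_dn"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample files (not taken from the poster's machine).
demo_dir=$(mktemp -d)
printf 'passwd: files\nshadow: files ldap\ngroup: files ldap\n' > "$demo_dir/nsswitch.conf"
printf 'uri ldap://127.0.0.1/\nbase dc=example,dc=com\n' > "$demo_dir/ldap.conf"
check_nss_ldap "$demo_dir/nsswitch.conf" "$demo_dir/ldap.conf" \
    'uid=demo,ou=People,dc=isilon,dc=cn' || echo "-> NSS cannot resolve the user yet"
rm -rf "$demo_dir"
```

On a real host the call would be `check_nss_ldap /etc/nsswitch.conf /etc/ldap.conf 'uid=demo,ou=People,dc=isilon,dc=cn'`, followed by `getent passwd demo` to confirm the lookup itself.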