Hi,
I hope I'm in the right place to ask my question... I use openldap for user authentication on linux servers. Everything seems ok except for scheduled jobs. We use a software to launch processes based on event or schedule. An agent is installed on every server. Unfortunately it doesn't "see" the users from the ldap. When it tries to launch the process it fails with an error like the user doesn't exist. The workaround is to create a local user but I'd prefer to use an ldap one. Do you know how I could solve that?
Tkx
Teo
On 02/20/12 15:49 +0100, teoman.onay@degroof.be wrote:
> Hi,
> I hope I'm in the right place to ask my question... I use openldap for user authentication on linux servers. Everything seems ok except for scheduled jobs. We use a software to launch processes based on event or schedule. An agent is installed on every server. Unfortunately it doesn't "see" the users from the ldap. When it tries to launch the process it fails with an error like the user doesn't exist. The workaround is to create a local user but I'd prefer to use an ldap one. Do you know how I could solve that?
Topics to read up on would include PAM, Name Service Switch (NSS), and the getent(1) manpage (getent passwd <user>).
It sounds like you have an ldap PAM module configured, but no ldap NSS module, of which you have several options. OpenLDAP maintains one such piece of software called nssov, which is located in the contrib/slapd-modules/ directory within the source.
-- Dan White
The nsswitch.conf contains this:
    passwd: files ldap
    shadow: files ldap
    group: files ldap
I don't know what other parameter should be set ...
getent passwd / group / shadow works perfectly.
Teo
On 02/20/12 15:49 +0100, teoman.onay@degroof.be wrote:
> Hi,
> I hope I'm in the right place to ask my question... I use openldap for user authentication on linux servers. Everything seems ok except for scheduled jobs. We use a software to launch processes based on event or schedule. An agent is installed on every server. Unfortunately it doesn't "see" the users from the ldap. When it tries to launch the process it fails with an error like the user doesn't exist. The workaround is to create a local user but I'd prefer to use an ldap one. Do you know how I could solve that?
Contact the support department for the vendor of this software. Verify that they use the getpwent system call to retrieve user information.
On 02/20/12 16:30 +0100, teoman.onay@degroof.be wrote:
> > Topics to read up on would include PAM, Name Service Switch (NSS), and the getent(1) manpage (getent passwd <user>).
> > It sounds like you have an ldap PAM module configured, but no ldap NSS module, of which you have several options. OpenLDAP maintains one such piece of software called nssov, which is located in the contrib/slapd-modules/ directory within the source.
> The nsswitch.conf contains this:
>     passwd: files ldap
>     shadow: files ldap
>     group: files ldap
> I don't know what other parameter should be set ...
> getent passwd / group / shadow works perfectly.
openldap-technical@openldap.org
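
Added example, not part of the thread and not the scheduler vendor's code: a small C check that separates the two lookup paths discussed above, reading /etc/passwd directly versus asking the C library, which follows the passwd: line of nsswitch.conf. The function names are hypothetical, and how the agent actually looks up users is not stated in the thread.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* 1 if `name` is the first field of a line in the passwd-format file at
   `path`, else 0. This is all a program sees if it parses the file itself. */
int in_passwd_file(const char *path, const char *name)
{
    char line[1024];
    size_t n = strlen(name);
    int found = 0, at_start = 1;
    FILE *f = fopen(path, "r");
    if (!f || n == 0) { if (f) fclose(f); return 0; }
    while (!found && fgets(line, sizeof line, f)) {
        if (at_start)   /* ignore continuation chunks of over-long lines */
            found = strncmp(line, name, n) == 0 && line[n] == ':';
        at_start = strchr(line, '\n') != NULL;
    }
    fclose(f);
    return found;
}

/* 1 if the C library resolves `name` through the sources configured for
   passwd in nsswitch.conf (files, ldap, ...), else 0. Same path as getent. */
int in_nss(const char *name)
{
    return getpwnam(name) != NULL;
}

/* Verdict for one account, given the two lookups above. */
const char *classify(int in_file, int via_nss)
{
    if (in_file) return "local";     /* visible to any program */
    if (via_nss) return "nss-only";  /* e.g. LDAP: only seen via getpwnam() */
    return "unknown";
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i],
               classify(in_passwd_file("/etc/passwd", argv[i]),
                        in_nss(argv[i])));
    return 0;
}
```

An account reported as nss-only resolves for getent and for any program that calls getpwnam(), but not for software that reads /etc/passwd on its own.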