Re: getent passwd doesn't show ldap user - openldap-technical

23 Apr 2012


      hi,
installed openldap and configured nslcd.conf and nsswitch.conf.
At the moment getent passwd doesn't show ldap user.
I create a user nslcd_proc for nslcd lookups.
this user belong to the System organizationalUnit.
You can see some checks.
FIRST SHELL
nslcd -d
nslcd: DEBUG: add_uri(ldap://localhost:389)
nslcd: version 0.7.15 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No 
such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(107) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections
SECOND SHELL: getent passwd-->shows only local users
FIRST SHELL shows:
nslcd: [8b4567] DEBUG: connection from pid=2055 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi", 
filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://localhost:389)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: 
ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***") 
(uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object
These are the permissions of nslcd files and folder
ls -ld /etc/nslcd.conf /var/run/nslcd/ /var/run/nslcd/*
-rw-r----- 1 root  nslcd  635 Apr 21 11:54 /etc/nslcd.conf
drwxr-xr-x 2 nslcd nslcd 4096 Apr 21 11:55 /var/run/nslcd/
-rw-r--r-- 1 root  root     5 Apr 21 11:55 /var/run/nslcd/nslcd.pid
srw-rw-rw- 1 root  root     0 Apr 21 11:55 /var/run/nslcd/socket
Opening /var/run/nslcd/socket it shows:
Error reading /var/run/nslcd/socket: No such device or address
Follow nslcd.conf and slapd.conf.
__________________________________________________________________
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost:389
# The search base that will be used for all queries.
base dc=amahoro,dc=bi
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
binddn uid=nslcd_proc,ou=System,dc=amahoro,dc=bi
bindpw *****
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
# The search scope.
#scope sub
___________________________________________________________________
slapd.conf
slapd.conf
#Basics
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        trace
modulepath      /usr/lib/ldap
moduleload      back_hdb
#Database Configuration
backend         hdb
database        hdb
suffix          "dc=amahoro,dc=bi"
rootdn          "cn=Manager,dc=amahoro,dc=bi"
rootpw          {SSHA}zH2A+jeSlbl2/UcAXm596KPV4IB/R6x9
directory       /var/lib/ldap
index           objectClass,cn  eq
#ACLs
access to attrs=userPassword
         by anonymous auth
         by self write
         by * none
access to *
         by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read
         by self write
         by * none
Please, do you have some ideas?
thanks