
Re: getent passwd doesn't show ldap user



Hi Stefano.

>> Did you install nslcd by itself or in companion with libnss-ldapd and
>> libpam-ldapd?
>
> nslcd has been installed automatically installing libnss-ldapd.

Ok.

> This is my /etc/nsswitch.conf:
>
> passwd:         files ldap
> group:          files ldap
> shadow:         files ldap

That's fine.

>> This is unnecessary, nslcd functions fine without a DN.
>
> ok, I removed it

Try stopping the caching daemon ("sudo service nscd stop") and try
again. getent still doesn't resolve?

I'm not 100% sure, but LDAP might be needed in pam as well.
Installing libpam-ldapd should do that automatically. Look for
"pam_ldap.so" in /etc/pam.d/common-{auth,password,session}

>> Looks like LDAP can't find the DN in the repository. Can you log in
>> manually as this user?
>
> Trying your command:
> root@amahoro:~# ldapsearch -xW -D
> "uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

That explains why nslcd didn't succeed binding.

> I don't know why but trying with this:
>
> root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=amahoro,dc=bi> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> I don't understand what is wrong.

Are you sure you have a working LDAP-database? Make sure you can
resolve things manually first. When that is working you can continue
working on nslcd.

>> Do you have a slapd.conf? Have you compiled it from source or
>> installed as a Debian package?
>
> I installed it as a Debian package:
>
> root@amahoro:~# apt-cache policy slapd
>
> slapd:
>  Installed: 2.4.23-7.2
>  Candidate: 2.4.23-7.2
>  Version table:
>  *** 2.4.23-7.2 0
>        500 http://ftp.us.debian.org/debian/ squeeze/main i386 Packages
>        100 /var/lib/dpkg/status

In that case the configuration isn't done by slapd.conf. Check out the
documentation: "zless /usr/share/doc/slapd/README.Debian.gz"

> What do you think?

This command should give you the suffix and ACLs and some more info
(assuming an HDB database):

server$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(objectclass=olchdbconfig)"


-- 
Pelle

"D’ä e å, vett ja”, skrek ja, för ja ble rasen,
”å i åa ä e ö, hörer han lite, d’ä e å, å i åa ä e ö"
- Gustav Fröding, 1895
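
The two client-side checks mentioned in the reply above (an "ldap" source for passwd, group and shadow in /etc/nsswitch.conf, and "pam_ldap.so" in /etc/pam.d/common-{auth,password,session}) can be scripted. This is an added shell example, not part of the original message; the function names are hypothetical and the file paths are passed as arguments so the checks can be run against copies.

```shell
#!/bin/sh
# Added example. Usage on a client: check_client /etc/nsswitch.conf /etc/pam.d

# nss_uses_ldap FILE DB: succeeds if DB's line in FILE lists the "ldap" source.
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# pam_uses_ldap FILE: succeeds if an uncommented line in FILE loads pam_ldap.so,
# given either as a bare module name or as a full path.
pam_uses_ldap() {
    awk '
        { sub(/#.*/, "") }
        { for (i = 1; i <= NF; i++) if ($i ~ /(^|\/)pam_ldap\.so$/) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_client NSSWITCH PAM_DIR: prints one line per check and returns the
# number of checks that did not pass.
check_client() {
    failures=0
    for db in passwd group shadow; do
        if nss_uses_ldap "$1" "$db"; then
            echo "ok    nsswitch $db: ldap source present"
        else
            echo "FAIL  nsswitch $db: no ldap source"
            failures=$((failures + 1))
        fi
    done
    for svc in auth password session; do
        f="$2/common-$svc"
        if [ -r "$f" ] && pam_uses_ldap "$f"; then
            echo "ok    $f: pam_ldap.so present"
        else
            echo "FAIL  $f: pam_ldap.so not found"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}
```
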

