Re: getent passwd doesn't show ldap user
Hi Stefano.
>> Did you install nslcd by it self or in companion with libnss-ldapd and
>> libpam-ldapd?
>
> nslcd has been installed automatically installing libnss-ldapd.
Ok.
> This is my /etc/nsswitch.conf:
>
> passwd: files ldap
> group: files ldap
> shadow: files ldap
That's fine.
>> This is unnecessary, nslcd functions fine without a DN.
>
> ok, i removed it
Try stopping the caching daemon ("sudo service nscd stop") and try
again. getent still doesn't resolve?
I'm not 100% sure, but LDAP might bee needed in pam as well.
Installing libpam-ldapd should do that automatically. Look for
"pam_ldap.so" in /etc/pam.d/common-{auth,password,session}
>> Looks like LDAP can't find the DN in the repository. Can you log in
>> manually as this user?
>
> Trying your command:
> root@amahoro:~# ldapsearch -xW -D
> "uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
That explains why nslcd didn't succeed binding.
> I don't know why but trying with this:
>
> root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=amahoro,dc=bi> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> I don't understand where is wrong.
Are you sure you have a working LDAP-database? Make sure you can
resolve things manually first. When that is working you can continue
working on nslcd.
>> Do you have a slapd.conf? Have you compiled it from source or
>> installed as a Debian package?
>
> I installed it as a Debian package:
>
> root@amahoro:~# apt-cache policy slapd
>
> slapd:
> Installed: 2.4.23-7.2
> Candidate: 2.4.23-7.2
> Version table:
> *** 2.4.23-7.2 0
> 500 http://ftp.us.debian.org/debian/ squeeze/main i386 Packages
> 100 /var/lib/dpkg/status
In that case the configuration isn't done by slapd.conf. Check out the
documentation: "zless /usr/share/doc/slapd/README.Debian.gz"
> What do you think?
This command should give you the suffix and ACL's and some more info
(assuming a HDB database):
server$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
"(objectclass=olchdbconfig)"
--
Pelle
"D’ä e å, vett ja”, skrek ja, för ja ble rasen,
”å i åa ä e ö, hörer han lite, d’ä e å, å i åa ä e ö"
- Gustav Fröding, 1895
Reply to: