Gentoo Forums
Strange nss ldap behaviour - UIDs and GIDs not mapping
Benny
n00b


Joined: 28 Oct 2002
Posts: 6

Posted: Tue Jan 04, 2005 1:32 am    Post subject: Strange nss ldap behaviour - UIDs and GIDs not mapping

I've got a setup where I have a master LDAP server and a replica LDAP server.

Using nss-ldap and pam-ldap my Gentoo Linux clients use the LDAP servers for authentication.

The strange behaviour I am seeing is that when using "ldapsearch" or "getent" all of the LDAP entries are found correctly and LDAP users are able to log in to the system okay... HOWEVER, when doing something like an "ls -l" or "id username" none of the UIDs or GIDs are mapped correctly. Below is the output from various commands (bbirnbaum and IT are LDAP entries):

"getent passwd bbirnbaum"
Code:

bbirnbaum:x:1000:1000:Ben Birnbaum:/home/users/bbirnbaum:/bin/bash


"getent group IT"
Code:

IT:x:1000:


"ls -l"
Code:

-rw-r--r--  1 1000 1000 0 Jan  4 12:26 file1
-rw-r--r--  1 1000 1000 0 Jan  4 12:26 file2
-rw-r--r--  1 1000 1000 0 Jan  4 12:26 test


"id bbirnbaum"
Code:

uid=1000 gid=1000 groups=0(root),512


Below are snippets of my /etc/ldap.conf and /etc/nsswitch.conf (from the clients):

ldap.conf
Code:

base dc=blah,dc=com
uri ldap://192.168.4.3/ ldap://192.168.15.36/
ldap_version 3
scope one
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_password exop
nss_base_passwd ou=people,ou=melbourne,ou=australia,dc=blah,dc=com
nss_base_shadow ou=people,ou=melbourne,ou=australia,dc=blah,dc=com
nss_base_group ou=groups,ou=melbourne,ou=australia,dc=blah,dc=com


nsswitch.conf
Code:

passwd:         files ldap
group:          files ldap
hosts:          files dns ldap


I'm really stumped on this one, any help would be appreciated - if more details are needed let me know.

Thanks guys.

Cheers
Benjamin
UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6835
Location: Blighty

Posted: Tue Jan 04, 2005 12:20 pm    Post subject:

Ensure that nscd is not running - or not caching passwd and group as that alls fuxors LDAP for me
Ferdy
Retired Dev


Joined: 04 May 2002
Posts: 483
Location: España

Posted: Tue Jan 04, 2005 1:05 pm    Post subject:

IIRC you have to configure your pam_stack to use pam_ldap.o

At least it works really well for me with around 100 machines and some replica servers.

PS: I *do* use nscd and haven't experienced any problems...

Cheers,
Ferdy
_________________
Paludis, the next generation in package mangling.
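
The symptom in the opening post is a by-name lookup that succeeds ("getent passwd bbirnbaum") while the by-number lookup that "ls -l" and "id" rely on to print names fails. The following is an added diagnostic example, not code from the thread: it walks name -> id -> name through the same libc NSS calls and reports where the chain breaks. The function names are hypothetical and the sample tables are constructed to mirror the output shown above.

```python
import grp
import pwd
import sys


def roundtrip(name, by_name, by_id):
    """Resolve name -> id -> name and report where the chain breaks.

    by_name / by_id are lookup callables that raise KeyError on a miss,
    e.g. pwd.getpwnam / pwd.getpwuid. Entries are indexable like the
    pwd/grp structs: [0] is the name, [2] is the numeric id.
    """
    try:
        num = by_name(name)[2]
    except KeyError:
        return ("forward-miss", None)      # getent <db> <name> would fail too
    try:
        back = by_id(num)[0]
    except KeyError:
        return ("reverse-miss", num)       # ls -l / id print the bare number
    # A different name coming back means another entry owns this id.
    return ("ok", num) if back == name else ("reverse-differs", num)


def check_system(user, group):
    """Run the round trip against the live NSS configuration."""
    return {
        "passwd": roundtrip(user, pwd.getpwnam, pwd.getpwuid),
        "group": roundtrip(group, grp.getgrnam, grp.getgrgid),
    }


def sample_lookups():
    """Constructed tables mirroring the thread: by-name hits, by-id misses."""
    names = {"bbirnbaum": ("bbirnbaum", "x", 1000), "IT": ("IT", "x", 1000)}
    ids = {}                               # nothing resolves by number
    return names.__getitem__, ids.__getitem__


if __name__ == "__main__":
    if len(sys.argv) == 3:                 # usage: script.py USER GROUP
        print(check_system(sys.argv[1], sys.argv[2]))
    else:
        by_name, by_id = sample_lookups()
        for n in ("bbirnbaum", "IT", "nosuchuser"):
            print(n, roundtrip(n, by_name, by_id))
```

Running it once as root and once as an ordinary user, and once with nscd stopped, shows whether the result depends on privileges or on the cache.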