nsswitch ldap lookup problems

Totem totem-lists at totem.is-a-geek.com
Thu Feb 3 13:40:15 PST 2005


I am using the nss_ldap port on 5.3 (nss_ldap-1.204_5).  My config file 
is located at "/usr/local/etc/nss_ldap.conf".  Also this is in my 
"/etc/nsswitch.conf" file.

passwd: files ldap
group: files ldap
hosts: files dns
shadow: files

It is working for me.  It looks like you might need to rename or link 
your ldap.conf and update your nsswitch.conf.

Note: I'm using this for Samba not Kerberos, YMMV.


Klavs Klavsen wrote:

> Hi guys,
>
> I've gotten my kerberos and openldap up and running on FreeBSD 5.3 - and
> can login with my user (because he has been created in kerberos and pam
> looks in that), but nsswitch can't find the user in ldap for some reason.
>
> All help will be greatly appreciated
>
> When I login with ssh I get this in debug.log:
> Feb  2 11:06:06 auth01 sshd[771]: NSSWITCH(nss_method_lookup): ldap,
> passwd, endpwent, not found
> Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, setgrent, not found
> Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, getgrent_r, not found
> Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, endgrent, not found
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from
> IP=172.21.1.109:56828 (IP=0.0.0.0:636)
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH
> base="ou=People,dc=vsen,dc=dk" scope=1 deref=0
> filter="(&(objectClass=posixAccount)(uid=ktk))"
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
> Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, setgrent, not found
> Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, getgrent_r, not found
> Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, endgrent, not found
> Feb  2 11:06:09 auth01 sshd[774]: NSSWITCH(nss_method_lookup): ldap,
> passwd, endpwent, not found
>
> if I try to do an ldapsearch for the same:
> # ldapsearch "(&(objectClass=posixAccount)(uid=ktk))" -b
> "ou=People,dc=vsen,dc=dk"  -Y gssapi
>
> It seems to work fine:
> [SNIP - cut SASL talk]
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (&(objectClass=posixAccount)(uid=ktk))
> # requesting: -b ou=People,dc=vsen,dc=dk -Y gssapi
> #
>
> # ktk, People, telmore.dk
> dn: uid=ktk,ou=People,dc=vsen,dc=dk
>
> # search result
> search: 5
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> my /usr/local/etc/ldap.conf (on freebsd 5.3) looks like this:
> BASE    dc=vsen, dc=dk
> URI          ldaps://auth.vsen.dk:636/
> TLS_REQCERT  allow
>
>
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
>
> scope sub
> port 389
> pam_password md5
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberUid
> nss_base_passwd ou=People,dc=vsen,dc=dk?one
> nss_base_group ou=Groups,dc=vsen,dc=dk?one
> nss_base_shadow ou=People,dc=vsen,dc=dk?one
> #debug testing
> logdir /var/log
> debug 9
>
>
> - --
> Regards,
> Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk
> PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
> ~  --Henry Spencer
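
The two things the reply points at (the ldap source listed in nsswitch.conf, and a config file at the path nss_ldap reads), plus a per-database tally of the NSSWITCH debug lines, as an added shell example that is not part of either message. The function names are made up for this example; the sample nsswitch.conf is constructed from the reply, and the sample log lines are copied unwrapped from the quoted log.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print each nsswitch.conf database whose source list contains "ldap".
ldap_databases() {
    awk '{ sub(/#.*/, "") }                      # strip comments
         (i = index($0, ":")) > 0 {
             db = substr($0, 1, i - 1); gsub(/[ \t]/, "", db)
             n = split(substr($0, i + 1), src, /[ \t]+/)
             for (k = 1; k <= n; k++) if (src[k] == "ldap") { print db; break }
         }' "$1"
}

# Tally "NSSWITCH(nss_method_lookup): ldap, <db>, <method>, not found"
# debug lines per database (expects one syslog record per line).
nss_lookup_failures() {
    awk -F', ' '/NSSWITCH\(nss_method_lookup\): ldap, / && $NF == "not found" {
                    n[$(NF - 2)]++ }
                END { for (db in n) print db, n[db] }' "$1" | sort
}

# Report whether the ldap source is listed and its config file is readable.
# $1 = nsswitch.conf, $2 = nss_ldap config file
check_nss_ldap() {
    dbs=$(ldap_databases "$1" | tr '\n' ' ')
    if [ -z "$dbs" ]; then echo "no database lists the ldap source"; return 1; fi
    if [ ! -r "$2" ]; then
        echo "ldap listed for: ${dbs}but $2 is not readable"; return 2
    fi
    echo "ldap listed for: ${dbs}and $2 is readable"
}

# Sample input written to a temp dir so the script runs on any machine.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup: files ldap\nhosts: files dns\nshadow: files\n' \
        > "$d/nsswitch.conf"
    printf '%s\n' \
      'Feb  2 11:06:06 auth01 sshd[771]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found' \
      'Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found' \
      'Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found' \
        > "$d/debug.log"
    # The nss_ldap config file is deliberately absent in this sample.
    check_nss_ldap "$d/nsswitch.conf" "$d/nss_ldap.conf" || true
    nss_lookup_failures "$d/debug.log"
    rm -rf "$d"
}

demo
```

On the host itself, call `check_nss_ldap /etc/nsswitch.conf /usr/local/etc/nss_ldap.conf` in place of `demo`.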
