nsswitch ldap lookup problems

Klavs Klavsen kl at vsen.dk
Wed Feb 2 02:17:53 PST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

I've gotten my Kerberos and OpenLDAP up and running on FreeBSD 5.3 - and
can log in with my user (because he has been created in Kerberos and PAM
looks in that), but nsswitch can't find the user in LDAP for some reason.

All help will be greatly appreciated.

When I log in with ssh I get this in debug.log:
Feb  2 11:06:06 auth01 sshd[771]: NSSWITCH(nss_method_lookup): ldap,
passwd, endpwent, not found
Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
group, setgrent, not found
Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
group, getgrent_r, not found
Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
group, endgrent, not found
Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from
IP=172.21.1.109:56828 (IP=0.0.0.0:636)
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH
base="ou=People,dc=vsen,dc=dk" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=ktk))"
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
group, setgrent, not found
Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
group, getgrent_r, not found
Feb  2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
group, endgrent, not found
Feb  2 11:06:09 auth01 sshd[774]: NSSWITCH(nss_method_lookup): ldap,
passwd, endpwent, not found

If I try to do an ldapsearch for the same:
# ldapsearch "(&(objectClass=posixAccount)(uid=ktk))" -b
"ou=People,dc=vsen,dc=dk"  -Y gssapi

It seems to work fine:
[SNIP - cut SASL talk]
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(objectClass=posixAccount)(uid=ktk))
# requesting: -b ou=People,dc=vsen,dc=dk -Y gssapi
#

# ktk, People, telmore.dk
dn: uid=ktk,ou=People,dc=vsen,dc=dk

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1

My /usr/local/etc/ldap.conf (on FreeBSD 5.3) looks like this:
BASE    dc=vsen, dc=dk
URI          ldaps://auth.vsen.dk:636/
TLS_REQCERT  allow


#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=People,dc=vsen,dc=dk?one
nss_base_group ou=Groups,dc=vsen,dc=dk?one
nss_base_shadow ou=People,dc=vsen,dc=dk?one
#debug testing
logdir /var/log
debug 9


- --
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62

"Those who do not understand Unix are condemned to reinvent it, poorly."
~  --Henry Spencer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCAKjtPToLeX4GPGIRAutdAJ4prd0S1dlM+kNcSAooZgNg6AV+hgCfW3pL
YA9GXibYIkpgKkrxvPxL50c=
=JwZO
-----END PGP SIGNATURE-----
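
An added example, not part of the original post: a small Python parser that separates the two kinds of lines in the debug.log excerpt above and summarises each slapd connection (peer, bind DN, search filter, entries returned) next to the NSSWITCH "not found" reports. The function name `summarize` and the dictionary layout are assumptions made for this illustration; the sample lines are taken from the post with the mail line wraps rejoined.

```python
import re
from collections import defaultdict

# Log lines from the post above, with the mail client's line wraps rejoined.
SAMPLE = """\
Feb  2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from IP=172.21.1.109:56828 (IP=0.0.0.0:636)
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH base="ou=People,dc=vsen,dc=dk" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=ktk))"
Feb  2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
Feb  2 11:06:09 auth01 sshd[774]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
"""

# conn=N, then an optional op=N or fd=N, then the event text.
SLAPD = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:(?:op|fd)=(\d+) )?(.*)$")
NSS = re.compile(r"NSSWITCH\(nss_method_lookup\): (\w+), (\w+), (\w+), not found")

def summarize(text):
    """Return (per-connection slapd summary, (database, method) pairs reported not found)."""
    conns = defaultdict(lambda: {"peer": None, "bind_dn": None, "tls_port": False, "searches": {}})
    not_found = set()
    for line in text.splitlines():
        m = NSS.search(line)
        if m:
            not_found.add((m.group(2), m.group(3)))
            continue
        m = SLAPD.search(line)
        if not m:
            continue
        conn, num, rest = conns[int(m.group(1))], m.group(2), m.group(3)
        if rest.startswith("ACCEPT"):
            conn["peer"] = re.search(r"from IP=(\S+)", rest).group(1)
            conn["tls_port"] = rest.rstrip(")").endswith(":636")  # listener was ldaps
        elif rest.startswith("BIND"):
            # method=128 is an LDAP simple bind; an empty dn means it was anonymous.
            conn["bind_dn"] = re.search(r'dn="([^"]*)"', rest).group(1)
        elif rest.startswith("SRCH"):
            base, flt = re.search(r'base="([^"]*)".*filter="([^"]*)"', rest).groups()
            conn["searches"][num] = {"base": base, "filter": flt, "err": None, "nentries": None}
        elif rest.startswith("SEARCH RESULT") and num in conn["searches"]:
            err, n = re.search(r"err=(\d+) nentries=(\d+)", rest).groups()
            conn["searches"][num].update(err=int(err), nentries=int(n))
    return dict(conns), not_found
```

On the excerpt, this shows that connection 2 arrived on port 636, bound with an empty DN, and that the posixAccount search for uid=ktk returned one entry with err=0, while the NSSWITCH lines name individual passwd and group methods.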


More information about the freebsd-questions mailing list