Hi folks. This is my first post to the forums, and it's a tough one.
I am successfully authenticating users out of my LDAP server (OpenLDAP). I want to take this a step further and eliminate the need to have these users in my local /etc files. I am using padl.com's nss_ldap and pam_ldap libraries to do this. I have this all set up and I can do a "getent group" and it pulls the group information from the LDAP server just fine. If I do a "getent passwd", I only get my local users and no LDAP user information.
Here are my configs.
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns ldap
services: files ldap [NOTFOUND=return]
networks: files ldap [NOTFOUND=return]
protocols: files ldap [NOTFOUND=return]
rpc: files ldap [NOTFOUND=return]
ethers: files ldap [NOTFOUND=return]
bootparams, publickey yet.
netgroup: files nis
I have heard rumors that using pam_filter in the ldap.conf file helps in this situation, but I have not seen anything solid about this. Is anyone doing this setup? I am really frustrated and would appreciate some help here.