LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Trouble with ldap auth on linux. nss_ldap, padl, ... (http://www.linuxquestions.org/questions/linux-general-1/trouble-with-ldap-auth-on-linux-nss_ldap-padl-868993/)

Ratclaws 03-16-2011 01:25 PM

Trouble with ldap auth on linux. nss_ldap, padl, ...
 
Been banging my head over this for 24 hours now, so i have to come to the forums :). I've done several implementations of ldap auth with different directories, but this one is a little "special".

Hosts / Clients:
SuSE 9, 10
CentOS,RHEL,OracleLinux, 4,5
Some others as well.

Connecting to Active Directory on win2k3. This does NOT have the R2 schema. I'll spare the details as to why, but for now I need to use some non-standard attributes.

Current problem i have right now, is that i can see the shadow entries, but i can't see the passwd entries.
ie: getent shadow works, but getent passwd doesn't show my ldap users.

I used tcpdump, and I found that when i run getent passwd there is a filter added to the query that i wasn't expecting.

Filter: (&(objectClass=user)(sAMAccountName=pcap))

Where is this "sAMAccountName=pcap" coming from?

ldap.conf posted below.

debug 1
logdir /var/log/ldap
base OU=IT_Users,OU=IT,DC=testlic,DC=testcorp,DC=companyname,DC=ets
binddn cn=My Name,OU=IT_Users,OU=IT,DC=testlic,DC=testcorp,DC=companyname,DC=ets
bindpw ************
timelimit 10
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory division
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_password ad
nss_map_attribute userPassword authPassword
uri ldap://my.testad.server/
ssl no
tls_cacertdir /etc/openldap/cacerts

Ratclaws 03-16-2011 04:40 PM

[solved]
 
was looking in the wrong place.


After carefully reading the output from tcpdump, I realized i forgot to map loginShell, and more importantly uidNumber.

All is well now.


All times are GMT -5. The time now is 07:38 AM.