Ubuntu 8.04 - LDAP - Question about nsswitch.conf
Hey Community,
I have been trying to get LDAP 2.4 working on Ubuntu 8.04. I have checked a couple of sites to find out the best practice for accomplishing this task. I have also followed the directions for setting up nsswitch and PAM to use LDAP (this includes libpam-ldap, libnss-db, libnss-ldap and nss-updatedb). It appears that I have gotten it working because I checked the log files, which say that the server is starting; I checked netstat and it appears that the service is listening for requests on the expected port. But there is something that I have a question on. To explain, we will first look at my /etc/nsswitch.conf file.

Example of my /etc/nsswitch.conf:

    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd:         files ldap #compat
    group:          files ldap #compat
    shadow:         files ldap #compat

    hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
    networks:       ldap files

    protocols:      ldap db files
    services:       ldap db files
    ethers:         ldap db files
    rpc:            ldap db files

    netgroup:       nis

Now everything works fine with this setup. From my understanding it is because account information is either looked up on file (/etc/passwd) or in the LDAP database accessed on the server. But if I remove "files" from the passwd: entry, so that the passwd entry looks like this:

    passwd:         ldap

instead of:

    passwd:         files ldap

I am unable to authenticate. My question is: "Did I set up LDAP (client or server) incorrectly?" or "Is there just something that I am missing out on?" Thx in advance |
run this command, and set the ldap settings
Quote:
|
thx. subho.d
The configuration part I believe that I am done with. The problem is that when exploring the possibility of removing the files property from the passwd entry, e.g. in nsswitch.conf:

    passwd:         ldap #compat
    group:          files ldap #compat
    shadow:         files ldap #compat

I am unable to authenticate, and I want to know if that is because I have something set up incorrectly or if there is just a lack in my understanding of how authenticating with LDAP works. |
Ok
RUN the command from server and client Quote:
Thx |
Hi subho.d
Let me explain my setup a little bit more. First, the LDAP client and the server are on the same machine. The service is listening on IP address 127.0.0.1 port 389 and the client is using localhost (127.0.0.1) as the IP address of the server. I checked netstat and it appears that communication between the application and LDAP is being established. I am also able to do slapcat -l and get entries on file. I also have an ldapsearch utility that allows me to view entries in the database, and that works ok also. Now the question still remains: why, when I remove the files element in the passwd entry within the nsswitch.conf file, can I not find my user account when there is an entry for my user in my LDAP database? Here is my LDAP database entry:

    dn: uid=lando,ou=people,dc=stripper,dc=org
    uid: lando
    cn: Lando
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    userPassword:: e2NyeXB0fXg=
    loginShell: /bin/bash
    uidNumber: 1000
    gidNumber: 1000
    homeDirectory: /home/lando
    gecos: Lando,,,
    structuralObjectClass: account
    entryUUID: 2deeee74-0a1f-102f-82a4-11e9f170af23
    creatorsName:
    createTimestamp: 20100612033441Z
    entryCSN: 20100612033441.129783Z#000000#000#000000
    modifiersName:
    modifyTimestamp: 20100612033441Z

But if I remove files from the passwd: entry, e.g. in nsswitch.conf:

    passwd:         ldap #compat          <-------- files is missing from passwd entry
    group:          files ldap #compat
    shadow:         files ldap #compat

I am now an unknown user. So then, if you have LDAP set up correctly, try removing the files entry in nsswitch.conf (make sure to NOT CLOSE your editor; this can lead to you being locked out of your machine [which I did twice or more already]), save nsswitch.conf, open your terminal and type in the whoami command. Tell me if you get a message saying "whoami: cannot find name for user ID 1000" or if it acts as normal. This will help me know if what I am experiencing is normal or if I have failed in my attempt to set up my LDAP server/client correctly. |
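One way to catch the lock-out the post above warns about before saving the edit and logging out, as an added example that is not from the thread: a small POSIX sh check that refuses to accept an nsswitch.conf whose passwd, group or shadow line no longer lists the "files" source. The function name, the temporary file and the sample configuration content are assumptions constructed for the demonstration; the sample mirrors the modified lines quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: a lock-out guard for /etc/nsswitch.conf.
# It checks that passwd, group and shadow still list the "files" source, so
# /etc/passwd accounts (root, the install-time uid 1000 user) remain resolvable
# even when the ldap source cannot answer. Paths and sample content below are
# constructed for the demonstration.

# check_nsswitch FILE
# Prints a warning for each of passwd/group/shadow whose source list lacks
# "files"; returns 0 if all three have it, 1 otherwise.
check_nsswitch() {
    file="$1"
    rc=0
    for db in passwd group shadow; do
        # Drop trailing comments, then take the source list of this database.
        sources=$(sed -e 's/#.*//' "$file" |
            awk -v db="$db" '$1 == (db ":") { $1 = ""; print; exit }')
        case " $sources " in
            *" files "*)
                ;;
            *)
                printf 'WARNING: %s: %s has no "files" source (sources:%s)\n' \
                    "$file" "$db" "${sources:- none}"
                rc=1
                ;;
        esac
    done
    return $rc
}

# Demonstration on a constructed copy of the thread's modified configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, mirrors the nsswitch.conf lines quoted in the thread
passwd:         ldap #compat
group:          files ldap #compat
shadow:         files ldap #compat
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
EOF
if check_nsswitch "$sample"; then
    echo "nsswitch.conf keeps local accounts resolvable"
else
    echo "restore 'files' (e.g. 'passwd: files ldap') before logging out"
fi
rm -f "$sample"
```

Run the check against a copy of the edited file while a root shell stays open. To see whether the ldap source is answering at all without removing "files", run `getent passwd` with the working `files ldap` line in place: an account that exists only in LDAP showing up in that listing confirms that libnss-ldap is reaching the server, while a listing limited to /etc/passwd entries points at the client side of the setup.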