LinuxQuestions.org
Old 06-12-2010, 12:57 PM   #1
LDZ420
LQ Newbie
 
Registered: Apr 2004
Location: Fontana, California
Distribution: Ubuntu
Posts: 27
Blog Entries: 1

Rep: Reputation: 15
Ubuntu 8.04 - LDAP - Question about nsswitch.conf


Hey Community,

I have been trying to get LDAP 2.4 working on Ubuntu 8.04. I have checked a couple of sites to find out the best practice for accomplishing this task. I have also followed the directions for setting up nsswitch and PAM to use LDAP (this includes libpam-ldap, libnss-db, libnss-ldap and nss-updatedb). It appears that I have gotten it working, because I checked the log files, which say that the server is starting, and I checked netstat and it appears that the service is listening for requests on the expected port. But there is something that I have a question on. To explain, we will first look at my /etc/nsswitch.conf file.

example of my /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files ldap
#compat

group: files ldap
#compat

shadow: files ldap
#compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
networks: ldap files

protocols: ldap db files
services: ldap db files
ethers: ldap db files
rpc: ldap db files

netgroup: nis

Now everything works fine with this setup. From my understanding, it is because account information is either looked up on file (/etc/passwd) or in the LDAP database accessed on the server. But if I remove files from the passwd: entry, so that the passwd entry looks like this: passwd: ldap instead of passwd: files ldap, I am unable to authenticate.

My question is: "Did I set up LDAP (client or server) incorrectly?" or "Is there just something that I am missing out on?"


Thx in advance
 
Old 06-15-2010, 07:59 AM   #2
subho.d
Member
 
Registered: Jun 2010
Location: INDIA
Distribution: All Linux & Unix
Posts: 86

Rep: Reputation: 19
Run this command and set the LDAP settings:
Quote:
authconfig -tui
 
Old 06-15-2010, 07:24 PM   #3
LDZ420
LQ Newbie
 
Registered: Apr 2004
Location: Fontana, California
Distribution: Ubuntu
Posts: 27
Blog Entries: 1

Original Poster
Rep: Reputation: 15
thx. subho.d

The configuration part I believe that I am done with. The problem is that when exploring the possibility of removing the file property from the password entry

ex of nsswitch.conf

passwd: ldap
#compat

group: files ldap
#compat

shadow: files ldap
#compat

I am unable to authenticate, and I want to know if that is because I have something set up incorrectly or if there is just a lack in my understanding of how authenticating with LDAP works.
 
Old 06-16-2010, 12:55 AM   #4
subho.d
Member
 
Registered: Jun 2010
Location: INDIA
Distribution: All Linux & Unix
Posts: 86

Rep: Reputation: 19
Ok
Run the command from server and client:
Quote:
slapcat -l
See the output of the command and see the log to troubleshoot...
Thx
 
Old 06-16-2010, 07:49 PM   #5
LDZ420
LQ Newbie
 
Registered: Apr 2004
Location: Fontana, California
Distribution: Ubuntu
Posts: 27
Blog Entries: 1

Original Poster
Rep: Reputation: 15
Hi subho.d

Let me explain my setup a little bit more.
First, the LDAP client and the server are on the same machine.

The service is listening on IP address 127.0.0.1, port 389, and the client is using localhost (127.0.0.1) as the IP address of the server.

I checked netstat and it appears that communication between the application and LDAP is being established. I am also able to do slapcat -l and get entries on file. I also have an ldapsearch utility that allows me to view entries in the database, and that works OK also.

Now the question still remains: why, when I remove the files element in the passwd entry within the nsswitch.conf file, can I not find my user account when there is an entry for my user in my LDAP database?

Here is my ldap database entry

dn: uid=lando,ou=people,dc=stripper,dc=org
uid: lando
cn: Lando
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: e2NyeXB0fXg=
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/lando
gecos: Lando,,,
structuralObjectClass: account
entryUUID: 2deeee74-0a1f-102f-82a4-11e9f170af23
creatorsName:
createTimestamp: 20100612033441Z
entryCSN: 20100612033441.129783Z#000000#000#000000
modifiersName:
modifyTimestamp: 20100612033441Z

But if I remove files from the passwd: entry
ex of nsswitch.conf

passwd: ldap    # <-------- files is missing from passwd entry
#compat

group: files ldap
#compat

shadow: files ldap
#compat

I am now an unknown user.
So then, if you have LDAP set up correctly, try removing the files entry in nsswitch.conf (make sure NOT TO CLOSE your editor; this can lead to you being locked out of your machine [which I did twice or more already]), save nsswitch.conf, open your terminal and type in the whoami command. Tell me if you get a message saying whoami: cannot find name for user ID 1000, or if it acts as normal.

This will help me know if what I am experiencing is normal or if I have failed in my attempt to set up my ldap server/client correctly.
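
A safer way to run the test described in post #5, as an added example that is not part of the thread: it checks a candidate nsswitch.conf for account databases left with no local source (the lockout case) and wraps getent -s so one NSS source can be queried without editing the live file. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the sources configured for one database, in lookup order.
# Comments and [STATUS=action] items are stripped first.
nss_sources() {  # usage: nss_sources <file> <database>
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if the database can still be answered locally (files or compat).
nss_has_local() {  # usage: nss_has_local <file> <database>
    case " $(nss_sources "$1" "$2") " in
        *" files "*|*" compat "*) return 0 ;;
        *) return 1 ;;
    esac
}

# List the account databases that depend entirely on a network source.
nss_lockout_risks() {  # usage: nss_lockout_risks <file>
    for db in passwd group shadow; do
        nss_has_local "$1" "$db" || printf '%s\n' "$db"
    done
}

# Query a single NSS source without editing /etc/nsswitch.conf;
# "getent -s" overrides the configured source list for this one call.
nss_lookup() {  # usage: nss_lookup <service> <user>
    getent -s "$1" passwd "$2"
}

# Constructed samples mirroring the two configurations in the thread.
NSS_GOOD=$(mktemp); NSS_BAD=$(mktemp)
trap 'rm -f "$NSS_GOOD" "$NSS_BAD"' EXIT
cat > "$NSS_GOOD" <<'EOF'
passwd: files ldap
#compat
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
EOF
sed 's/^passwd:.*/passwd: ldap/' "$NSS_GOOD" > "$NSS_BAD"

echo "original passwd sources: $(nss_sources "$NSS_GOOD" passwd)"
echo "edited file, databases at risk: $(nss_lockout_risks "$NSS_BAD")"
```

With libnss-ldap installed, `nss_lookup ldap lando` shows whether the LDAP source alone can resolve the account, and `nss_lookup files lando` does the same for /etc/passwd.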
 
  

