nss_ldap not working (getent passwd)

WindowBreaker · 06-26-2006, 06:58 PM

So after reading an LDAP book by oreilly, and playing with several test computers, here's where I'm at.

I cannot get nss_ldap to work!

Running

Code:

getent passwd

only returns results from /etc/passwd, and nothing from my running LDAP server.

I have migrated all my user/group accounts into the running ldap server using the Migration tools from PADL.com.
The slapd process is running fine.
I can see everything with an

Code:

ldapsearch -x "(objectClass=posixAccount)"

My /etc/openldap/ldap.conf file is setup correctly (used by ldapsearch).

My /etc/ldap.conf file is also setup correctly (per the book, and about 20 online tutorials).

Code:

slapcat

shows all of my directory's contents.

My /etc/nsswitch.conf file has the following entries:
passwd: ldap compat
group: ldap compat

I know it's not querying ldap because:
1. I added a new user into the ldap directory and it's not showing.
2. I modified an existing user's home directory in LDAP, and it's showing old value (from /etc/passwd).
3. When I remove the 'compat' entry from nsswitch.conf, I get absolutely no output from:

Code:

getent passwd

Any ideas??? I'm open to just about anything at this point. If you want to see the config files, just let me know.

Thanks in advance.

PS: I compiled all the software on this same computer (no errors), created the slackpacks, which I then installed, on the computer. This includes:
OpenLDAP
nss_ldap

Alien Bob · 06-27-2006, 12:51 AM

So many unknowns.
What is the output from

Code:

cat /etc/ldap.conf | grep -v "^#" |grep -v "^$"

What is in your /etc/openldap/ldap.conf?
How did you configure nss_ldap before you ran make?
I don't know the content of your LDAP database, but if you first post answers to the above, we can go from there.

Eric

WindowBreaker · 06-27-2006, 02:19 AM

Output from:

Code:

cat /etc/ldap.conf | grep -v "^#" |grep -v "^$"

Quote:

@(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
host 127.0.0.1
base dc=mydomain,dc=com

Output from:

Code:

cat /etc/openldap/ldap.conf | grep -v "^#" |grep -v "^$"

Quote:

host 127.0.0.1
base dc=mydomain,dc=com

Quote:

How did you configure nss_ldap before you ran make?

I did:

Code:

./configure --prefix=/etc --sysconfdir=/etc --localstatedir=/var
make
make DESTDIR=/tmp/package/nss_ldap install
cd /tmp/package/nss_ldap
mkdir install
cat << EOF > install/slack-desc
...
EOF
makepkg -l y -c n /tmp/nss_ldap-2.51-noarch-1pjg.tgz
installpkg /tmp/nss_ldap-2.51-noarch-1pjg.tgz

Note:
I have done the exact same procedure on both a desktop running kernel 2.6.16.18, and a laptop running kernel 2.4.31 . The 'getent passwd' command works perfectly on the desktop. The only problem is with the laptop. I thought maybe it was a problem related to the contents of my directory. So I recreated the laptop's directory using an LDIF file will all entries from the desktop, still not working. I've tried comparing everything I can between the two (config files mainly), and can't tell why the desktop works, and the laptop doesn't.

I had to compile/create a slackpack for OpenLDAP on the laptop, as the one built on a 2.6 kernel (desktop) wouldn't work due to the 2.4 kernel lacking the 'epoll' function. But that was done before I did anything else. And just in case, I also compiled nss_ldap on the laptop also.