Old 01-26-2002, 09:02 PM   #1
Registered: Jan 2002
Location: Omaha, NE US
Distribution: Red Hat/CentOS
Posts: 226

ldap auth - nsswitch - pam_ldap

Hi folks. This is my first post to the forums, and it's a tough one.

I am successfully authenticating users out of my ldap server (openldap). I want to take this a step further and eliminate the need to have these users in my local /etc files. I am using the nss_ldap and pam_ldap libraries to do this. I have this all set up and I can do a "getent group" and it pulls the group information from the ldap server just fine. If I do a "getent passwd", I only get my local users and no ldap user information.

Here are my configs.

host ldap
base dc=birddog,dc=com
rootbinddn cn=root,dc=birddog,dc=com
pam_member_attribute memberUid
nss_base_passwd ou=People,dc=birddog,dc=com?one
nss_base_group ou=Groups,dc=birddog,dc=com?one


passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns ldap
services: files ldap [NOTFOUND=return]
networks: files ldap [NOTFOUND=return]
protocols: files ldap [NOTFOUND=return]
rpc: files ldap [NOTFOUND=return]
ethers: files ldap [NOTFOUND=return]
# bootparams, publickey yet.
netmasks: files
bootparams: files
publickey: files
automount: files
aliases: files
sendmailvars: files
netgroup: files nis

I have heard rumors that using pam_filter in the ldap.conf file helps in this situation, but I have not seen anything solid about this. Is anyone doing this setup? I am really frustrated and would appreciate some help here.

Thank you!
Old 01-27-2002, 10:13 PM   #2
Registered: Jan 2002
Location: Omaha, NE US
Distribution: Red Hat/CentOS
Posts: 226

Original Poster
I have narrowed the problem down to the nss_ldap module, but "getent group" works, which confuses me. Is anyone using this type of setup at all?

Thank you,
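
One check that fits the symptom described in this thread (groups resolve through nss_ldap, passwd entries do not), as an added example that is not part of either post: it reads the LDIF returned for the People base and flags entries an RFC 2307 passwd lookup would skip. It assumes the RFC 2307 schema, where passwd lookups match only objectClass posixAccount entries carrying uid, uidNumber, gidNumber and homeDirectory; the function names and sample LDIF are constructed, and the thread does not confirm this as the cause.

```shell
#!/bin/sh
# Added example (not from the thread). Reads LDIF on stdin, e.g. from:
#   ldapsearch -x -LLL -H ldap://ldap -b ou=People,dc=birddog,dc=com -s one
# and lists entries that an RFC 2307 passwd lookup (objectClass=posixAccount)
# would skip. Exit status is 1 if any entry is flagged, 0 otherwise.
check_passwd_entries() {
    awk '
    function report(   miss, i, n, req) {
        if (dn == "") return
        n = split("uid uidnumber gidnumber homedirectory", req, " ")
        miss = posix ? "" : " objectClass=posixAccount"
        for (i = 1; i <= n; i++)
            if (!(req[i] in have)) miss = miss " " req[i]
        if (miss != "") { print dn ": missing" miss; bad++ }
        dn = ""; posix = 0; split("", have)   # reset state for next entry
    }
    /^dn:/ { report(); dn = $0; sub(/^dn:+ */, "", dn); next }
    /^$/   { report(); next }
    dn != "" && /^[A-Za-z]/ {
        # Attribute names are case-insensitive; strip the ":" or "::" suffix.
        attr = tolower($1); sub(/:+$/, "", attr)
        if (attr == "objectclass" && tolower($2) == "posixaccount") posix = 1
        have[attr] = 1
    }
    END { report(); exit (bad > 0) }
    '
}

# Constructed sample: two entries under the People base from the thread.
# alice is a full posixAccount; bob can be found by uid but has no POSIX data.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=birddog,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=birddog,dc=com
objectClass: inetOrgPerson
cn: Bob Example
sn: Example
uid: bob
EOF
}
```

Running `sample_ldif | check_passwd_entries` flags only the bob entry; an empty result against the real directory means the entries themselves are well-formed and the search base, scope or read access is the next thing to look at.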

