Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 03-16-2011, 01:25 PM   #1
Registered: Sep 2001
Location: New York
Distribution: Slackware 8
Posts: 100

Rep: Reputation: 16
Trouble with ldap auth on linux. nss_ldap, padl, ...

Been banging my head over this for 24 hours now, so i have to come to the forums . I've done several implementations of ldap auth with different directories, but this one is a little "special".

Hosts / Clients:
SuSE 9, 10
CentOS,RHEL,OracleLinux, 4,5
Some others as well.

Connecting to Active Directory on win2k3. This does NOT have the R2 schema. I'll spare the details as to why, but for now I need to use some non-standard attributes.

Current problem i have right now, is that i can see the shadow entries, but i can't see the passwd entries.
ie: getent shadow works, but getent passwd doesn't show my ldap users.

I used tcpdump, and I found that when i run getent passwd there is a filter added to the query that i wasn't expecting.

Filter: (&(objectClass=user)(sAMAccountName=pcap))

Where is this "sAMAccountName=pcap" coming from?

ldap.conf posted below.

debug 1
logdir /var/log/ldap
base OU=IT_Users,OU=IT,DC=testlic,DC=testcorp,DC=companyname,DC=ets
binddn cn=My Name,OU=IT_Users,OU=IT,DC=testlic,DC=testcorp,DC=companyname,DC=ets
bindpw ************
timelimit 10
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory division
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_password ad
nss_map_attribute userPassword authPassword
uri ldap://my.testad.server/
ssl no
tls_cacertdir /etc/openldap/cacerts
Old 03-16-2011, 04:40 PM   #2
Registered: Sep 2001
Location: New York
Distribution: Slackware 8
Posts: 100

Original Poster
Rep: Reputation: 16

was looking in the wrong place.

After carefully reading the output from tcpdump, I realized i forgot to map loginShell, and more importantly uidNumber.

All is well now.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
padl: Problem migrating users from passwd to ldap eantoranz Linux - Software 3 06-11-2013 10:48 AM
nss_ldap as unprivileged user without giving away the ldap.secret chakkerz Linux - Security 5 08-16-2010 10:28 PM
LDAP+nss_ldap+squid vnick Linux - Server 1 10-25-2009 04:17 AM
ldap: ldap_bind: Invalid credentials (49) (using user migrated with padl) eantoranz Linux - Software 1 09-05-2008 09:52 AM
nss_ldap, can't contact LDAP server! mesh2005 Linux - Networking 3 12-06-2005 01:22 AM > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration