LinuxQuestions.org
Old 03-06-2012, 01:52 PM   #1
dafydd2277
getent works, ldapsearch doesn't?


Okay, I'm baffled. I'm connecting RHEL 5.[345] to a Red Hat Directory Server.

/etc/ldap.conf:
Code:
uri ldap://host1/ ldap://host2/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

/etc/nsswitch.conf:
Code:
[root@host ~]# grep ldap /etc/nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap

getent passwd returns the test users.

However,
Code:
[root@host ~]# ldapsearch -nvx -H ldap://host1:389 -b ou=people,dc=test,dc=com
ldap_initialize( ldap://host1:389 )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

[root@host ~]#  ldapsearch -nvx -H ldap://host1:389 -D uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot -W -b ou=people,dc=test,dc=com
ldap_initialize( ldap://host1:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

And, neither request returns data.

And this is the smaller problem. I have another host with the same /etc/ldap.conf and /etc/nsswitch.conf settings that won't return getent or ldapsearch.

Finally, running the ldapsearch on the ldap host, using "-h localhost" or "-H ldap://localhost" works fine.

I'm reasonably sure I'm forgetting something obvious... :-p

Any ideas?

Thanks!
David
 
Old 03-06-2012, 03:59 PM   #2
Tinkster
First step with such problems ...

telnet host1 389
and
telnet host1 636



Cheers,
Tink
 
Old 03-06-2012, 04:35 PM   #3
dafydd2277
Heh. Step 1: "yum install telnet" (These test hosts are supposed to mimic a secure environment... ;-)

Port 389 gets responses. Port 636 refuses connections. Which is consistent with my not bothering to set up ldap+tls.

I'm reasonably sure I'm missing a setting on the clients, somewhere. At least as far as getent is concerned. If I can get getent passwd working on this one host that will allow forward progress. Then, the ldapsearch weirdness becomes a back-burner item.

Thanks!
David
 
Old 03-06-2012, 04:41 PM   #4
dafydd2277
Also, on the RH Directory Server host, I can do ldapsearch with "-h localhost," "-h host1," and "-H ldap://host1.d.n:389" and get identical output for each test.
 
Old 03-06-2012, 08:36 PM   #5
Tinkster
Quote:
Originally Posted by dafydd2277
Heh. Step 1: "yum install telnet" (These test hosts are supposed to mimic a secure environment... ;-)

telnet is only a problem if you run a server - the telnet client is one
of a sysadmin's most valuable tools for network diagnostics ;}

Quote:
Originally Posted by dafydd2277
Port 389 gets responses. Port 636 refuses connections. Which is consistent with my not bothering to set up ldap+tls.

So we've established that it's not a connectivity issue, or SELinux.
Good ...
 
Old 03-06-2012, 08:41 PM   #6
Tinkster
And a silly question: have you tried running your searches w/o the '-n'?
 
1 members found this post helpful.
Old 03-07-2012, 10:13 AM   #7
dafydd2277
Quote:
Originally Posted by Tinkster
And a silly question: have you tried running your searches w/o the '-n'?

Okay, I knew I was an idiot. This new workstation is receiving good output for ldapsearch. Now that I've demonstrated that a connection to the ldap servers is functional, I have to figure out why getent won't show me the additional users.

Code:
[root@hmiwks04 ~]# ldapsearch -vx -H ldap://rhdirsrv1:389 -D uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot -W -b ou=people,dc=fed,dc=mtr | grep ^dn:
ldap_initialize( ldap://rhdirsrv1:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: All userApplication attributes
dn: ou=People,dc=fed,dc=mtr
dn: cn=nsPwPolicyContainer,ou=People,dc=fed,dc=mtr
dn: uid=Joe,ou=People,dc=fed,dc=mtr
dn: uid=Karen,ou=People,dc=fed,dc=mtr
dn: uid=Laura,ou=People,dc=fed,dc=mtr
dn: uid=Sam,ou=People,dc=fed,dc=mtr
dn: uid=Tina,ou=People,dc=fed,dc=mtr
dn: uid=FordH,ou=People,dc=fed,dc=mtr
dn: uid=YoungS,ou=People,dc=fed,dc=mtr
dn: uid=HannahD,ou=People,dc=fed,dc=mtr
dn: uid=HauerR,ou=People,dc=fed,dc=mtr

[root@hmiwks04 ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
...
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
postfix:x:89:89::/var/spool/postfix:/sbin/nologin

(The first five test users were a tester's idea. The last four are mine. Bonus points for guessing the movie inspiration...)
 
Old 03-07-2012, 10:20 AM   #8
dafydd2277
Oh, yah!

Quote:
Originally Posted by Tinkster
And a silly question: have you tried running your searches w/o the '-n'?

Yep. Definitely an idiot.

Code:
[root@hmiwks04 ~]# authconfig --enableldap --enableldapauth --update

Problem solved... :-p

I knew I was missing something simple...
 
Old 03-07-2012, 02:34 PM   #9
Tinkster
Sweet! Pleased to hear you're away laughing.
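
The three client-side checks this thread worked through by hand, as an added example that is not part of the original posts: whether an ldapsearch command line carries -n (a dry run that performs no search), which NSS databases list ldap, and whether the client's ldap.conf leaves the connection unencrypted. The function names are hypothetical, and the list of value-taking option letters and the ssl keywords are assumptions taken from ldapsearch(1) and nss_ldap's ldap.conf format.

```shell
# Succeeds if an ldapsearch argument list contains -n (dry run), alone or
# clustered as in "-nvx". Letters that take a value end their cluster.
is_dry_run() {
    while [ $# -gt 0 ]; do
        case $1 in
            --)  return 1 ;;
            -?*) cluster=${1#-} ;;
            *)   shift; continue ;;
        esac
        shift
        while [ -n "$cluster" ]; do
            rest=${cluster#?}; opt=${cluster%"$rest"}; cluster=$rest
            case $opt in
                n) return 0 ;;
                [abdDeEfFhHloOpPRsSTUwXyYz])  # value-taking (assumed list)
                    if [ -z "$cluster" ] && [ $# -gt 0 ]; then shift; fi
                    break ;;
            esac
        done
    done
    return 1
}

# Reads nsswitch.conf on stdin; prints which of passwd/shadow/group list
# "ldap" as a source, i.e. whether getent will consult the directory.
nss_ldap_dbs() {
    awk '$1 ~ /^(passwd|shadow|group):$/ {
             for (i = 2; i <= NF; i++) if ($i == "ldap") {
                 out = out sep substr($1, 1, length($1) - 1); sep = " "; break }
         }
         END { print out }'
}

# Reads an nss_ldap-style ldap.conf on stdin; prints "tls" when ssl is
# start_tls/on/yes or every URI is ldaps://, otherwise "cleartext".
ldap_transport() {
    awk 'tolower($1) == "ssl" { ssl = tolower($2) }
         tolower($1) == "uri" { for (i = 2; i <= NF; i++) { n++; if ($i ~ /^ldaps:/) s++ } }
         END { if (ssl ~ /^(start_tls|on|yes)$/ || (n > 0 && s == n)) print "tls"
               else print "cleartext" }'
}
# Sample input: the client settings shown in the first post.
SAMPLE_LDAP_CONF='uri ldap://host1/ ldap://host2/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5'
SAMPLE_NSSWITCH='passwd:     files ldap
shadow:     files ldap
group:      files ldap'
```

On a live client, run `nss_ldap_dbs < /etc/nsswitch.conf` and `ldap_transport < /etc/ldap.conf`. A "cleartext" result means a simple bind (-x -D ... -W) sends the bind password over the wire unencrypted.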
 