Hi Per.
Something is improved! Now I can log in manually; there was an error, a big
error: I didn't insert the root as LDIF in the directory. Very big error!
Anyway, the problem with getent passwd is still there.
This is the output of nslcd -d while typing getent passwd from another shell:
nslcd: DEBUG: add_uri(ldap://localhost:389)
nslcd: version 0.7.15 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(107) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=3478 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi", filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://localhost:389)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object
Thanks
On 04/23/2012 04:11 PM, Per Carlson wrote:
Hi Stefano.
Did you install nslcd by itself or in companion with libnss-ldapd and
libpam-ldapd?
nslcd has been installed automatically when installing libnss-ldapd.
Ok.
This is my /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
That's fine.
This is unnecessary, nslcd functions fine without a DN.
OK, I removed it.
Try stopping the caching daemon ("sudo service nscd stop") and try
again. getent still doesn't resolve?
I'm not 100% sure, but LDAP might be needed in PAM as well.
Installing libpam-ldapd should do that automatically. Look for
"pam_ldap.so" in /etc/pam.d/common-{auth,password,session}
Looks like LDAP can't find the DN in the repository. Can you log in
manually as this user?
Trying your command:
root@amahoro:~# ldapsearch -xW -D "uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
That explains why nslcd didn't succeed binding.
I don't know why but trying with this:
root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base<dc=amahoro,dc=bi> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
I don't understand what is wrong.
Are you sure you have a working LDAP-database? Make sure you can
resolve things manually first. When that is working you can continue
working on nslcd.
Do you have a slapd.conf? Have you compiled it from source or
installed as a Debian package?
I installed it as a Debian package:
root@amahoro:~# apt-cache policy slapd
slapd:
Installed: 2.4.23-7.2
Candidate: 2.4.23-7.2
Version table:
*** 2.4.23-7.2 0
500 http://ftp.us.debian.org/debian/ squeeze/main i386 Packages
100 /var/lib/dpkg/status
In that case the configuration isn't done by slapd.conf. Check out the
documentation: "zless /usr/share/doc/slapd/README.Debian.gz"
What do you think?
This command should give you the suffix and ACLs and some more info
(assuming an HDB database):
server$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(objectclass=olchdbconfig)"
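Added example, not part of the original thread or of nslcd: a small triage script that groups nslcd -d lines by request id and reports the search base, the bind identity (anonymous for NULL,NULL) and the LDAP failure, mapped to the checks suggested in the replies above. The sample log is constructed; request 1a2b3c and the wording of its lines are assumptions.

```python
import re

# Constructed sample in the format of the nslcd -d output quoted in the thread
# (wrapped lines joined). Request 1a2b3c and its bind/failure lines are
# invented for illustration; real nslcd wording may differ.
SAMPLE = """\
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=amahoro,dc=bi", filter="(objectClass=posixAccount)")
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://localhost:389")
nslcd: [8b4567] ldap_result() failed: No such object
nslcd: [1a2b3c] DEBUG: myldap_search(base="dc=amahoro,dc=bi", filter="(objectClass=posixGroup)")
nslcd: [1a2b3c] DEBUG: ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***") (uri="ldap://localhost:389")
nslcd: [1a2b3c] failed to bind to LDAP server ldap://localhost:389: Invalid credentials
"""

LINE = re.compile(r'^nslcd: \[(?P<id>[0-9a-f]+)\] (?:DEBUG: )?(?P<msg>.*)$')
BASE = re.compile(r'myldap_search\(base="([^"]*)"')
BIND = re.compile(r'ldap_simple_bind_s\((NULL|"[^"]*")')
FAIL = re.compile(r'failed.*: (?P<err>[A-Za-z ]+)$')

# Checks taken from the replies in the thread, keyed by LDAP error text.
ADVICE = {
    "No such object": "search base not found: confirm the suffix (root) entry was loaded",
    "Invalid credentials": "bind rejected: check the bind DN and password nslcd uses",
}

def triage(log_text):
    """Group lines by request id and return one record per failed request."""
    reqs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # startup lines carry no request id
        r = reqs.setdefault(m["id"], {"base": None, "bind": None, "error": None})
        msg = m["msg"]
        if (b := BASE.search(msg)):
            r["base"] = b.group(1)
        elif (b := BIND.search(msg)):
            r["bind"] = "anonymous" if b.group(1) == "NULL" else b.group(1).strip('"')
        elif (b := FAIL.search(msg)):
            r["error"] = b["err"]
    return [dict(id=i, **r, advice=ADVICE.get(r["error"], "unmapped failure"))
            for i, r in reqs.items() if r["error"]]

if __name__ == "__main__":
    for record in triage(SAMPLE):
        print(record)
```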