yeah, I've got it mapped "right" (in theory) - I'm using the exact mapping below that you list, which is also what our hpux servers use. Plus, yes, uid and gid (which are msSFU30UidNumber and msSFU30GidNumber)
And I can see that it is all in my record, cause I can: ldapsearch "msSFU30Name=brianl" and there are all the little bits of info I need...I can see exactly what the attributes are called in my record, so there's no unknown on that front. :/ On 12/11/06, Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> wrote:
On Dec 11, 2006, at 3:45 PM, Brian LaMere wrote: > Problem is getting nss_ldap to actually aquire user info - > especially minor > details like UID and GID. I've been workin at this silly task for > too long > now; anyone on the list have a line on a /etc/ldap.conf that will > *actually > work* with nss_ldap? I'm not in front of anything that can give me specifics, but you _did_ go through the /etc/ldap.conf and double check the attribute mappings, right? The nss_ldap ldap.conf allows you to map the Unix attribute names to whatever attribute names you really use in the LDAP database. In fact, just checking the config file we use, there's a nice comment block provided by the RHEL (and presumably fedora) packages for nss_ldap: # Services for UNIX 3.5 mappings #nss_map_objectclass posixAccount User #nss_map_objectclass shadowAccount User #nss_map_attribute uid msSFU30Name #nss_map_attribute uniqueMember msSFU30PosixMember #nss_map_attribute userPassword msSFU30Password #nss_map_attribute homeDirectory msSFU30HomeDirectory #nss_map_attribute homeDirectory msSFUHomeDirectory #nss_map_objectclass posixGroup Group #pam_login_attribute msSFU30Name #pam_filter objectclass=User #pam_password ad You may need to specify additional mappings for uidNumber and gidNumber, unless those attributes are already provided by MS SFU. Gregory -- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
