On another machine, tried this howto after purging the above packages.
http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2

sudo apt-get install libnss-ldapd libpam-ldapd

Still the same outcome. I can ldapsearch, getent, etc. but id cannot show the ldap users.

Here's my /etc/ldap.conf:

cat /etc/ldap.conf | grep -v ^# | grep -v ^$
base dc=example,dc=com
uri ldap://10.112.18.2
ldap_version 3
bindpw secret
rootbinddn cn=admin,dc=example,dc=com
bind_policy soft
pam_check_host_attr yes
pam_password md5
nss_base_passwd ou=People,dc=example,dc=com
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one

On Thu, Dec 2, 2010 at 9:00 AM, Anton Chu <[email protected]> wrote:

> Ok here's what you suggested:
>
>> r...@webtest111:/etc/pam.d# id tony
>> id: tony: No such user
>> r...@webtest111:/etc/pam.d# getent passwd tony
>> r...@webtest111:/etc/pam.d# getent passwd | grep tony
>> tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash
>> r...@webtest111:/etc/pam.d# /etc/init.d/nscd stop
>> * Stopping Name Service Cache Daemon nscd [ OK ]
>> r...@webtest111:/etc/pam.d# getent passwd | grep tony
>> tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash
>> r...@webtest111:/etc/pam.d# getent passwd tony
>> r...@webtest111:/etc/pam.d#
>
> I'll start a reinstall of the other packages instead of libnss-ldap and libpam-ldap.
>
> Thanks for the tips.
>
> Regards
>
> On Wed, Dec 1, 2010 at 11:48 PM, Buchan Milne <[email protected]> wrote:
>
>> On Wednesday, 1 December 2010 22:37:56 Anton Chu wrote:
>> > I've set up an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server.
>> > I've installed the following:
>> >
>> > sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds
>> >
>> > Here's my /etc/nsswitch.conf:
>> >
>> > > passwd: files ldap [NOTFOUND=return] db
>> > > group: files ldap [NOTFOUND=return] db
>> > > shadow: files ldap
>> > >
>> > > hosts: files dns
>> > > networks: files
>> > >
>> > > protocols: db files
>> > > services: db files
>> > > ethers: db files
>> > > rpc: db files
>> >
>> > I can nss_updatedb ldap successfully:
>> > # nss_updatedb ldap
>> > passwd... done.
>> > group... done.
>> >
>> > I can getent passwd, getent passwd shadow, getent group just fine and
>> > they all show all my ldap users.
>>
>> Please compare these two:
>>
>> $ getent passwd |grep tony
>> $ getent passwd tony
>>
>> If the first succeeds (returns a line looking like /etc/passwd), and the
>> second fails (returns nothing), then you probably have a negative cache from
>> nscd. Stop nscd, and test again.
>>
>> > However, I cannot do an id ldapuser
>> >
>> > ex:
>> > $ id tony
>> > id: tony: No such user
>>
>> [...]
>>
>> > ID works just fine with my local users on my local machine so somehow
>> > it's not able to read the ldap users.
>> >
>> > Any insights appreciated.
>>
>> In some environments, I do use nss_ldap+nss_db/nss_updatedb+nscd, but one of
>> the newer options (e.g. sssd) may be a better option.
>>
>> Regards,
>> Buchan
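
The comparison Buchan suggests (enumeration versus lookup by name), run across every account instead of one, as an added example that is not part of the original thread. It also checks lookup by UID, which goes beyond what the thread tests, and the function and parameter names are illustrative.

```python
"""Added example: list accounts that NSS enumerates but cannot resolve by key."""
import pwd


def unresolvable_accounts(enumerate_fn=pwd.getpwall,
                          by_name_fn=pwd.getpwnam,
                          by_uid_fn=pwd.getpwuid):
    """Return [(name, uid, failed_lookups)] for entries whose keyed lookups fail.

    enumerate_fn walks the whole passwd map, as `getent passwd` does.
    by_name_fn is the keyed lookup behind `getent passwd tony` and `id tony`.
    by_uid_fn is the keyed lookup by numeric UID (not tested in the thread).
    The lookups are parameters so the check can be exercised with fake data.
    """
    problems = []
    for entry in enumerate_fn():
        failed = []
        try:
            by_name_fn(entry.pw_name)
        except KeyError:          # the pwd module raises KeyError on "not found"
            failed.append("by-name")
        try:
            by_uid_fn(entry.pw_uid)
        except KeyError:
            failed.append("by-uid")
        if failed:
            problems.append((entry.pw_name, entry.pw_uid, failed))
    return problems


if __name__ == "__main__":
    # Run once with nscd running and once with it stopped, then compare.
    found = unresolvable_accounts()
    for name, uid, failed in found:
        print(f"{name} (uid {uid}): enumerated, but {', '.join(failed)} lookup failed")
    if not found:
        print("every enumerated account also resolves by name and by UID")
```
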
