Trouble getting groups through ypldap
I'm attempting to set up OpenLDAP, Samba and ypldap on 4.7. OpenLDAP is up and running along with Samba, and I've used the smbldap tools to populate the directory. I'm having trouble getting the full list of LDAP groups with getent.

At first I ran getent group and didn't see any of the LDAP groups. Then I noticed that the ypldap.conf example uses basedn ou=Users,dc=domain,dc=tld, so I changed it to basedn dc=domain,dc=tld. Now getent group shows only the first of the LDAP groups:

# getent group
...
nogroup:*:32766
nobody:*:32767
_openldap:*:544
_dbus:*:572
_avahi:*:629
_avahi-autoipd:*:630
_cups:*:541
Domain Admins:*:512:root

I ran the equivalent search that ypldap was doing (based on watching OpenLDAP in the foreground) and got the full list of groups. So it looks like something between OpenLDAP and ypldap isn't working quite right. I looked at the changes to ypldap since 4.7 and there doesn't seem to be anything relevant. I'm out of ideas for troubleshooting short of trying a snapshot, which I'll try later today. Any ideas where to look next?
Here's my ypldap.conf:

domain pmh.org
interval 30
provide map passwd.byname
provide map passwd.byuid
provide map group.byname
provide map group.bygid

directory ldap.pmh.org {
	binddn cn=Manager,dc=pmh,dc=org
	bindcred secret
	# basedn ou=Users,dc=pmh,dc=org
	basedn dc=pmh,dc=org

	passwd filter (objectClass=posixAccount)
	attribute name maps to uid
	fixed attribute passwd *
	attribute uid maps to uidNumber
	attribute gid maps to gidNumber
	attribute gecos maps to cn
	attribute home maps to homeDirectory
	fixed attribute shell loginShell
	fixed attribute change 0
	fixed attribute expire 0
	fixed attribute class ldap

	group filter (objectClass=posixGroup)
	attribute groupname maps to cn
	fixed attribute grouppasswd *
	attribute groupgid maps to gidNumber
	list groupmembers maps to memberUid
}

And dmesg:

OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class, 128KB L2 cache) 898 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 266694656 (254MB)
avail mem = 249700352 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/23/01, BIOS32 rev. 0 @ 0xfda74, SMBIOS rev. 2.3 @ 0xf0ff0 (49 entries)
bios0: vendor Intel Corp. version CB81010A.15A.0026.P05.0108230926 date 08/23/2001
bios0: Gateway E-1600
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3370/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x1000 0xcd000/0x1000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82810E Host rev 0x03
vga1 at pci0 dev 1 function 0 Intel 82810E Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x02
pci1 at ppb0 bus 1
fxp0 at pci1 dev 8 function 0 Intel 82562 rev 0x01, i82562: irq 5, address 00:03:47:a3:9b:b8
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRD-8483B, 1.06 ATAPI 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide0 channel 1 drive 0: Maxtor 2F040L0
wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 10
ichiic0 at pci0 dev 31 function 3 Intel 82801BA SMBus rev 0x02: irq 9
iic0 at ichiic0
admtm0 at iic0 addr 0x2d: adm1025
spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL3
auich0 at pci0 dev 31 function 5 Intel 82801BA AC97 rev 0x02: irq 9, ICH2 AC97
ac97: codec id 0x4352594d (Cirrus Logic CS4201 rev 5)
ac97: codec features 20 bit DAC, 18 bit ADC, Crystal Semi 3D
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
Re: Trouble getting groups through ypldap
It could be the groups you're missing have no members, which fails to output the group. You can confirm this by adding a user to one of the groups, and see if the group is displayed.

The following change, rather than skipping output of the group, outputs the group with a null list of members.

Regards
Nigel Taylor

$ cvs -R -q -d /cvs diff -u Index: ldapclient.c === RCS file: /cvs/src/usr.sbin/ypldap/ldapclient.c,v retrieving revision 1.14 diff -u -r1.14 ldapclient.c --- ldapclient.c6 Jun 2009 05:02:58 - 1.14 +++ ldapclient.c5 Jul 2009 18:18:35 - 
@@ -611,7 +611,7 @@ } } else if (idm-idm_list F_LIST(i)) { if (aldap_match_entry(m, attrs[j++], ldap_attrs) == -1) - goto next_grpentry; + continue; if (ldap_attrs[0] == NULL) goto next_grpentry; for (k = 0; k = 0 ldap_attrs[k] != NULL; k++) {

On 10/14/10 20:15, John Danks wrote:
> I'm attempting to set up OpenLDAP, Samba and ypldap on 4.7. OpenLDAP is up and running along with Samba, and I've used the smbldap tools to populate the directory. I'm having trouble getting the full list of LDAP groups with getent.
>
> At first I ran getent group and didn't see any of the LDAP groups. Then I noticed that the ypldap.conf example uses basedn ou=Users,dc=domain,dc=tld, so I changed it to basedn dc=domain,dc=tld. Now getent group shows only the first of the LDAP groups:
>
> # getent group
> ...
> nogroup:*:32766
> nobody:*:32767
> _openldap:*:544
> _dbus:*:572
> _avahi:*:629
> _avahi-autoipd:*:630
> _cups:*:541
> Domain Admins:*:512:root
>
> I ran the equivalent search that ypldap was doing (based on watching OpenLDAP in the foreground) and got the full list of groups. So it looks like something between OpenLDAP and ypldap isn't working quite right. I looked at the changes to ypldap since 4.7 and there doesn't seem to be anything relevant. I'm out of ideas for troubleshooting short of trying a snapshot, which I'll try later today. Any ideas where to look next?
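Review bot: in the ldapclient.c hunk (@@ -611,7 +611,7 @@), only the `aldap_match_entry(...) == -1` path is changed to `continue`; the check two lines below, `if (ldap_attrs[0] == NULL) goto next_grpentry;`, still drops the whole group when the member attribute matches but carries no values. Both empty-list cases should be handled the same way, or a comment should say why they differ. Also confirm that skipping the rest of the loop body with `continue` still leaves the entry with its member field separator, since the lines that build the output sit outside this hunk. A group that silently disappears from the map changes what getent and group-based access checks see, so the commit message should state that memberless groups are now emitted.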
Re: Trouble getting groups through ypldap
On Thu, Oct 14, 2010 at 2:38 PM, Nigel Taylor njtay...@asterisk.demon.co.uk wrote:
> It could be the groups you're missing have no members, which fails to output the group. You can confirm this by adding a user to one of the groups, and see if the group is displayed.
>
> The following change, rather than skipping output of the group, outputs the group with a null list of members.

Thanks, that was the problem. Adding a member to the groups made them show up through getent.
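
A way to find the affected groups up front, added here as an example and not written by either poster: list every posixGroup entry that has no memberUid, then keep only those missing from getent output. The LDIF sample is constructed; the ou=Groups,dc=example,dc=org DNs and the group names other than Domain Admins are assumptions, as are the function names.

```sh
#!/bin/sh
# Constructed sample of what
#   ldapsearch -x -LLL -b dc=pmh,dc=org '(objectClass=posixGroup)'
# might print; only "Domain Admins" has a member.
sample_ldif() {
cat <<'EOF'
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: Domain Admins
gidNumber: 512
memberUid: root

dn: cn=Domain Users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: Domain Users
gidNumber: 513

dn: cn=Domain Guests,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: Domain Guests
gidNumber: 514
EOF
}

# Read LDIF on stdin; print "cn:gidNumber" for each posixGroup entry that
# has no memberUid value. Limits: base64 ("cn:: ") values and folded
# continuation lines are not decoded.
empty_groups() {
    awk '
    function emit() {
        if (isgroup && members == 0) print cn ":" gid
        cn = ""; gid = ""; isgroup = 0; members = 0
    }
    /^$/ { emit(); next }                  # a blank line ends an entry
    tolower($0) ~ /^objectclass: *posixgroup$/ { isgroup = 1 }
    /^cn: /        { cn = substr($0, 5) }
    /^gidNumber: / { gid = substr($0, 12) }
    /^memberUid:/  { members++ }
    END { emit() }                         # last entry has no trailing blank
    '
}

# LDIF on stdin, saved "getent group" output as $1 (must be non-empty):
# print the memberless groups whose name getent does not list.
dropped_groups() {
    empty_groups | awk -F: 'NR == FNR { seen[$1] = 1; next }
                            !($1 in seen)' "$1" -
}

sample_ldif | empty_groups
```

On a live system, pipe the ldapsearch command from the comment into `dropped_groups` with a file holding the output of `getent group`.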