[Samba] nsswitch not working for ldap

Craig White craigwhite at azapple.com
Fri Nov 18 14:30:37 GMT 2005


On Fri, 2005-11-18 at 14:05 +0000, Tony Austin wrote:
> > On Fri, 2005-11-18 at 13:32 +0000, Tony Austin wrote:
> >> I am following the instruction in Samba by Example chapter 6 on a RHEL4
> >> server.  Everything seems OK until I get to 6.3.5.7, which says to do
> >> the
> >> following:-
> >>
> >> root# getent passwd | grep Adminstrator
> >>
> >> which returns nothing, indicating that the nsswitch (nss_ldap library) is
> >> not working.
> >>
> >> I cannot find anything in any of the log files to give me a clue nor any
> >> hints on how to debug this.
> >>
> >> Any suggestions?
> >>
> > ----
> > redhat? version?
> >
> 
> Enterprise Linux El version 4 64-bit
----
thanks - that helps
----
> 
> > does 'by Example' really suggest using ldbm?
> >
> 
> No.  It's my first go with LDAP and I copied it from a working RHEL3 config.
----
ldbm will probably ultimately make you crazy. Continue playing with ldbm
if you wish but consider using bdb instead...
the following changes would need to be made


to slapd.conf
-------------
# just below schema includes...
allow           bind_v2 bind_anon_dn

# at the bottom of the file
# Set the entry cache size to 5000.
#
cachesize       5000

# Set transactional checkpoint.
#
checkpoint      512     720

create a file called DB_CONFIG and put it into your ldap-data directory
(/var/lib/ldap as defined in your supplied information)

#
# Set the database in memory cache size.
#
set_cachesize   0       52428800        0

# Automatically remove log files that are no longer needed.
set_flags DB_LOG_AUTOREMOVE

#
# Set database flags.
# (for database loading/reindexing)
#set_flags       DB_TXN_NOSYNC
#set_flags DB_TXN_NOT_DURABLE

# Set log values.
#
set_lg_regionmax        1048576
set_lg_max              10485760
set_lg_bsize            2097152
-----

and whether you use ldbm or bdb...make sure that /etc/openldap/ldap.conf
has at the very least...

HOST 127.0.0.1
BASE dc=phoenixinteriorsltd,dc=com
-----

you need to be able to at least perform the search as I showed you.
ldapsearch -x -h localhost \
-D 'cn=Manager,dc=phoenixinteriorsltd,dc=com' \
-W '(objectclass=*)'

and get results?
----

did you set rootdn password properly?

from command line...
# slappasswd -s my_password
{SSHA}e+sgS1WyGdXLEd7K+rVK3H/swmsS81Sg

and copy/paste that into slapd.conf

rootpw {SSHA}e+sgS1WyGdXLEd7K+rVK3H/swmsS81Sg

-----

> 
> > can you perform base search from command line?
> >
> > ldapsearch -x -h localhost \
> > -D 'cn=Manager,dc=phoenixinteriorsltd,dc=com' \
> > -W '(objectclass=*)'
> >
> > and get results?
> >
> 
> No. I get:-
> 
> [root@localhost]# ldapsearch -x -h localhost -D
> 'cn=Manager,dc=phoenixinteriorsltd,dc=com' -W '(objectclass=*)'
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # search result
> search: 2
> result: 32 No such object
> 
> # numResponses: 1
> 
> But I do get results with:-
> 
> [root@localhost]# ldapsearch -x -b "dc=phoenixinteriorsltd,dc=com"
> "(ObjectClass=*)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=phoenixinteriorsltd,dc=com> with scope sub
> # filter: (ObjectClass=*)
> # requesting: ALL
> #
> 
> # phoenixinteriorsltd.com
> dn: dc=phoenixinteriorsltd,dc=com
----
OK - either an authentication problem or a lack of data problem...let's
set up ldap logging.

**** add these two lines to /etc/syslog.conf ****

local4.*                                                /var/log/slapd.log

# service syslog restart

**** change loglevel in slapd.conf to 256 ****
( I see you've already set it to 256 )

# service ldap restart

Now ldap stuff logs to /var/log/slapd.log

Now you can try to connect and review slapd logs to see what it's doing.

Craig
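The checks Craig walks through above (HOST/BASE in ldap.conf, a base search that works, a hashed rootpw from slappasswd) can be done offline before touching the server. The script below is an added example, not code from the thread or from the OpenLDAP project; the ldap.conf and slapd.conf texts in it are constructed samples, and the {SSHA} routine reproduces what slappasswd emits (base64 of SHA-1(password + salt) followed by the salt). It also shows why the first ldapsearch in the thread returned "result: 32 No such object": with no -b and no BASE directive, the effective search base is the empty DN.

```python
"""Offline checks for the OpenLDAP client/server settings discussed in the
thread. Added example, not the post's or OpenLDAP's own code; all config text
below is constructed."""
import base64
import hashlib
import os
import re

# Constructed sample of the minimal /etc/openldap/ldap.conf the post asks for.
SAMPLE_LDAP_CONF = """\
# constructed sample
HOST 127.0.0.1
BASE dc=phoenixinteriorsltd,dc=com
"""

# Constructed slapd.conf fragment with the rootpw left in clear text and
# logging off: the two server-side problems the checks below report.
SAMPLE_SLAPD_CONF_WEAK = """\
database        bdb
suffix          "dc=phoenixinteriorsltd,dc=com"
rootdn          "cn=Manager,dc=phoenixinteriorsltd,dc=com"
rootpw          my_password
loglevel        0
"""


def parse_directives(text):
    """Return {DIRECTIVE: value} for slapd.conf / ldap.conf style lines.
    Directive names are case-insensitive in both files; comments and blank
    lines are skipped; a later duplicate overwrites an earlier one."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        out[parts[0].upper()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return out


def effective_search_base(ldap_conf_text, cli_base=None):
    """Base DN ldapsearch ends up using: -b wins, else BASE from ldap.conf,
    else the empty DN "". A subtree search from "" on a server that only
    holds dc=phoenixinteriorsltd,dc=com is what yields err 32 (noSuchObject)."""
    if cli_base:
        return cli_base
    return parse_directives(ldap_conf_text).get("BASE", "")


def check_ldap_conf(text):
    """Names of the minimum client directives that are missing (HOST may be
    spelled URI on newer clients; the post uses HOST)."""
    d = parse_directives(text)
    missing = []
    if "HOST" not in d and "URI" not in d:
        missing.append("HOST")
    if "BASE" not in d:
        missing.append("BASE")
    return missing


def check_slapd_conf(text):
    """Server-side findings: rootpw absent or in clear text, loglevel not 256."""
    d = parse_directives(text)
    findings = []
    if "ROOTPW" not in d:
        findings.append("rootpw missing")
    elif not re.match(r"^\{[A-Z0-9]+\}", d["ROOTPW"]):
        findings.append("rootpw is clear text; paste the slappasswd output instead")
    if d.get("LOGLEVEL", "0") != "256":
        findings.append("loglevel is not 256; stats logging is off")
    return findings


def ssha_hash(password, salt=None):
    """{SSHA} in the form slappasswd prints: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Check a password against a stored {SSHA} value (salt is the tail)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest


if __name__ == "__main__":
    print("client missing:", check_ldap_conf(SAMPLE_LDAP_CONF))
    print("base with no -b:", repr(effective_search_base("# empty\n")))
    print("server findings:", check_slapd_conf(SAMPLE_SLAPD_CONF_WEAK))
    h = ssha_hash("my_password")
    print(h, ssha_verify("my_password", h))
```

Run it as-is to see the clear-text rootpw and loglevel findings; point `parse_directives` at the real files to check a live box. The hashed form only protects the file at rest, so slapd.conf still needs to be readable by the ldap user alone.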



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
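Once local4 is routed to /var/log/slapd.log and loglevel is 256, the log answers Craig's "authentication problem or lack of data" question directly: each connection's BIND and SRCH lines carry their RESULT with an err code. The triage script below is an added example, not code from the post or from OpenLDAP; the log lines are constructed in the stats-log format slapd writes at loglevel 256 and reproduce the two failure modes the thread discusses (a rejected rootdn bind, err=49, and a search from the empty base, err=32).

```python
"""Triage of OpenLDAP stats logs (loglevel 256) as set up in the post.
Added example, not the post's or OpenLDAP's own code; SAMPLE_LOG is constructed."""
import re
from collections import defaultdict

# Constructed lines mirroring slapd 2.2/2.3 stats output via syslog local4.
SAMPLE_LOG = """\
Nov 18 14:30:37 localhost slapd[2211]: conn=5 fd=12 ACCEPT from IP=127.0.0.1:43210 (IP=0.0.0.0:389)
Nov 18 14:30:37 localhost slapd[2211]: conn=5 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
Nov 18 14:30:37 localhost slapd[2211]: conn=5 op=0 RESULT tag=97 err=49 text=
Nov 18 14:30:37 localhost slapd[2211]: conn=5 op=1 UNBIND
Nov 18 14:30:37 localhost slapd[2211]: conn=5 fd=12 closed
Nov 18 14:31:02 localhost slapd[2211]: conn=6 fd=12 ACCEPT from IP=127.0.0.1:43211 (IP=0.0.0.0:389)
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=0 RESULT tag=97 err=0 text=
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=1 SRCH base="" scope=2 deref=0 filter="(objectClass=*)"
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 18 14:31:02 localhost slapd[2211]: conn=6 op=2 UNBIND
"""

# conn=N is on every line; op=N only on request/result lines (not ACCEPT/closed).
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?:op=(?P<op>\d+) )?(?P<msg>.*)$")


def parse_stats_log(text):
    """Group messages by (conn, op) so each request sits next to its RESULT."""
    ops = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("op") is not None:
            ops[(int(m.group("conn")), int(m.group("op")))].append(m.group("msg"))
    return ops


def diagnose(text):
    """Return (conn, op, diagnosis) for the failure modes named in the thread."""
    findings = []
    for (conn, op), msgs in sorted(parse_stats_log(text).items()):
        request = msgs[0]
        result = next((m for m in msgs if "RESULT" in m), "")
        err_m = re.search(r"err=(\d+)", result)
        err = int(err_m.group(1)) if err_m else None
        if request.startswith("BIND") and err == 49:
            dn = re.search(r'dn="([^"]*)"', request).group(1)
            findings.append((conn, op, f"invalid credentials for {dn}: check rootdn/rootpw in slapd.conf"))
        elif request.startswith("SRCH") and err == 32:
            base = re.search(r'base="([^"]*)"', request).group(1)
            hint = ("no -b given and no BASE in ldap.conf" if base == ""
                    else "that base DN does not exist in the directory")
            findings.append((conn, op, f"no such object for base '{base}': {hint}"))
    return findings


if __name__ == "__main__":
    for conn, op, why in diagnose(SAMPLE_LOG):
        print(f"conn={conn} op={op}: {why}")
```

Feed it the real file (`diagnose(open("/var/log/slapd.log").read())`) after retrying the ldapsearch and the getent call; a run of err=49 binds from one source in a short window is also the pattern to alert on once the box is working, since the rootdn is a full-control account.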


