[Samba] nsswitch not working for ldap

Tony Austin nsswitch.500.jackrabbit at spamgourmet.com
Fri Nov 18 16:36:55 GMT 2005



> On Fri, 2005-11-18 at 14:05 +0000, Tony Austin wrote:
>> > On Fri, 2005-11-18 at 13:32 +0000, Tony Austin wrote:
>> >> I am following the instruction in Samba by Example chapter 6 on a RHEL4
>> >> server.  Everything seems OK until I get to 6.3.5.7, which says to do the
>> >> following:-
>> >>
>> >> root# getent passwd | grep Adminstrator
>> >>
>> >> which returns nothing, indicating that the nsswitch (nss_ldap library) is
>> >> not working.
>> >>
>> >> I cannot find anything in any of the log files to give me a clue nor any
>> >> hints on how to debug this.
>> >>
>> >> Any suggestions?
>> >>
>> > ----
>> > redhat? version?
>> >
>>
>> Enterprise Linux El version 4 64-bit
> ----
> thanks - that helps
> ----
>>
>> > does 'by Example' really suggest using ldbm?
>> >
>>
>> No.  It's my first go with LDAP and I copied it from a working RHEL3 config.
> ----
> ldbm will probably ultimately make you crazy. Continue playing with ldbm
> if you wish but consider using bdb instead...
> the following changes would need to be made
>

I am leaving this as it is for the moment using ldbm; I can come back to
it later.

>
> to slapd.conf
> -------------
> # just below schema includes...
> allow           bind_v2 bind_anon_dn
>
> # at the bottom of the file
> # Set the entry cache size to 5000.
> #
> cachesize       5000
>
> # Set transactional checkpoint.
> #
> checkpoint      512     720
>
> create a file called DB_CONFIG and put it into your ldap-data directory
> (/var/lib/ldap as defined in your supplied information)
>
> #
> # Set the database in memory cache size.
> #
> set_cachesize   0       52428800        0
>
> # Automatically remove log files that are no longer needed.
> set_flags DB_LOG_AUTOREMOVE
>
> #
> # Set database flags.
> # (for database loading/reindexing)
> #set_flags       DB_TXN_NOSYNC
> #set_flags DB_TXN_NOT_DURABLE
>
> # Set log values.
> #
> set_lg_regionmax        1048576
> set_lg_max              10485760
> set_lg_bsize            2097152
> -----
>
> and whether you use ldbm or bdb...make sure that /etc/openldap/ldap.conf
> has at the very least...
>
> HOST 127.0.0.1
> BASE dc=phoenixinteriorsltd,dc=com
> -----
>

This was in place already.

> you need to be able to at least perform the search as I showed you.
> ldapsearch -x -h localhost \
> -D 'cn=Manager,dc=phoenixinteriorsltd,dc=com' \
> -W '(objectclass=*)'
>
> and get results?
>

Having followed your next suggestion, this now produces results!

>
> did you set rootdn password properly?
>
> from command line...
> # slappasswd -s my_password
> {SSHA}e+sgS1WyGdXLEd7K+rVK3H/swmsS81Sg
>
> and copy/paste that into slapd.conf
>
> rootpw {SSHA}e+sgS1WyGdXLEd7K+rVK3H/swmsS81Sg
>

I had not done this (can't see any mention of slappasswd in 'by Example').

Having done this, your ldapsearch command now works but

root#getent passwd | grep Administrator

still does not.

> OK - either an authentication problem or a lack of data problem...let's
> set up ldap logging.
>
> **** add these two lines to /etc/syslog.conf ****
>
> local4.*                                                /var/log/slapd.log
>

You say two lines here but I only see one; I did it and logging occurs in
slapd.log.

> # service syslog restart
>
> **** change loglevel in slapd.conf to 256 ****
> ( I see you've already set it to 256 )
>
> # service ldap restart
>
> Now ldap stuff logs to /var/log/slapd.log
>
> Now you can try to connect and review slapd logs to see what it's doing.
>

root#ldapsearch -x -h localhost \
 -D 'cn=Manager,dc=phoenixinteriorsltd,dc=com' \
 -W '(objectclass=*)'

logs as:-

Nov 18 09:41:09 localhost slapd[12149]: conn=1 fd=8 ACCEPT from IP=127.0.0.1:33899 (IP=0.0.0.0:389)
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=0 RESULT tag=97 err=0 text=
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=1 SRCH base="dc=phoenixinteriorsltd,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=1 SEARCH RESULT tag=101 err=4 nentries=12 text=
Nov 18 09:41:09 localhost slapd[12149]: conn=1 op=2 UNBIND
Nov 18 09:41:09 localhost slapd[12149]: conn=1 fd=8 closed

root#getent passwd

logs as:-

Nov 18 09:41:52 localhost slapd[12149]: conn=2 fd=8 ACCEPT from IP=127.0.0.1:33902 (IP=0.0.0.0:389)
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 RESULT tag=97 err=0 text=
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SRCH base="ou=People,dc=phoenixinteriorsltd,dc=com" scope=1 deref=0 filter="(objectClass=posixAccount)"
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 18 09:41:52 localhost slapd[12149]: conn=2 fd=8 closed

Tony
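An added diagnostic example, not code from this thread: it parses the slapd loglevel 256 stats lines quoted above (embedded here as sample input, assuming the rootdn shown in the post) and tells a failed bind apart from a search that simply matched no entries, which is what the getent log shows; it also flags that the lookup client bound as the rootdn with ssf=0, which a defender would want to notice.

```python
import re
from collections import defaultdict
# Sample input: the getent-triggered slapd stats lines quoted in the post above.
SAMPLE_LOG = """\
Nov 18 09:41:52 localhost slapd[12149]: conn=2 fd=8 ACCEPT from IP=127.0.0.1:33902 (IP=0.0.0.0:389)
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" method=128
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 BIND dn="cn=Manager,dc=phoenixinteriorsltd,dc=com" mech=SIMPLE ssf=0
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=0 RESULT tag=97 err=0 text=
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SRCH base="ou=People,dc=phoenixinteriorsltd,dc=com" scope=1 deref=0 filter="(objectClass=posixAccount)"
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Nov 18 09:41:52 localhost slapd[12149]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 18 09:41:52 localhost slapd[12149]: conn=2 fd=8 closed
"""

# Only per-operation lines carry "op=N"; ACCEPT/closed lines do not and are skipped.
LINE_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')

def parse_ops(log):
    """Group stats lines by (conn, op) so a BIND and its RESULT can be read together."""
    ops = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ops[(int(m.group(1)), int(m.group(2)))].append(m.group(3))
    return ops

def diagnose(log, rootdn):
    """Return findings that separate an auth failure from an empty answer set."""
    findings = []
    for (conn, _op), msgs in sorted(parse_ops(log).items()):
        text = " ".join(msgs)            # e.g. 'BIND dn="..." ... RESULT tag=97 err=0'
        m_err = re.search(r'\berr=(\d+)', text)
        if m_err is None:                # UNBIND and similar ops have no RESULT line
            continue
        err = int(m_err.group(1))
        if text.startswith("BIND"):
            dn = re.search(r'dn="([^"]*)"', text).group(1)
            if err != 0:
                findings.append(f"conn={conn}: bind as {dn} failed (err={err}); check binddn/bindpw")
            elif dn.lower() == rootdn.lower():
                findings.append(f"conn={conn}: client bound as rootdn {dn}; a lookup client needs only a read-only DN")
            if "ssf=0" in text:
                findings.append(f"conn={conn}: simple bind with ssf=0, no transport protection")
        elif text.startswith("SRCH"):
            base, filt = re.search(r'base="([^"]*)".*filter="([^"]*)"', text).groups()
            n = int(re.search(r'nentries=(\d+)', text).group(1))
            if err == 0 and n == 0:
                findings.append(f"conn={conn}: base={base} filter={filt} matched 0 entries; data problem, not auth")
            elif err == 4:
                findings.append(f"conn={conn}: search hit sizelimit (err=4) after {n} entries")
    return findings
```

Run against the getent log above it reports a zero-entry search under ou=People for posixAccount rather than a bind error, which points at the data loaded into the directory rather than at credentials.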



