[Samba] What is wrong with my nslcd configuration?

John Lewis oflameo2 at gmail.com
Sun Oct 5 08:27:52 MDT 2014

I can't get my domain users presented to my local machine with getent
passwd and the wiki
doesn't give me any steps troubleshoot this issue. My best guess it that
I configured the user account incorrectly or I configured nslcd
incorrectly. I can't exactly see what is the problem.

I get these messages from nslcd when I started it in debug mode and ran
getent passwd.

nslcd: [7b23c6] DEBUG: connection from pid=19355 uid=500 gid=0
nslcd: [7b23c6] <passwd(all)> DEBUG:
myldap_search(base="dc=CORP,dc=oflameo,dc=com", filter="(objectClass=user)")
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
CN=DRAKEBURNER,OU=Domain Controllers,DC=corp,DC=oflameo,DC=com
nslcd: [7b23c6] <passwd(all)> CN=DRAKEBURNER,OU=Domain
Controllers,DC=corp,DC=oflameo,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
nslcd: [7b23c6] <passwd(all)>
CN=Administrator,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
nslcd: [7b23c6] <passwd(all)>
CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
nslcd: [7b23c6] <passwd(all)>
CN=krbtgt,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
nslcd: [7b23c6] <passwd(all)>
CN=Guest,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result(): end of results (5 total)

This is the ldif of the user account I created.

dictator at drakeburner:~/samba/ldap$ cat ldap-connect.ldif
# extended LDIF
# LDAPv3
# base <cn=ldap-connect,cn=Users,dc=corp,dc=oflameo,dc=com> with scope
# filter: (objectclass=*)
# requesting: ALL

# ldap-connect, Users, corp.oflameo.com
dn: CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ldap-connect
instanceType: 4
whenCreated: 20141001025044.0Z
uSNCreated: 3769
name: ldap-connect
objectGUID:: h5Ml10kKGk+tnk+yUkmSbA==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: ldap-connect
sAMAccountType: 805306368
userAccountControl: 512
pwdLastSet: 130566324840000000
homeDirectory:: IA==
whenChanged: 20141005131318.0Z
uSNChanged: 3777
distinguishedName: CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Here is my nslcd.conf

dictator at drakeburner:~/samba/ldap$ cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://

# The search base that will be used for all queries.
base dc=CORP,dc=oflameo,dc=com

# Some seting for AD
pagesize 1000
referrals off

# Filters (only required if your accounts doesn't have
# and your groups haven't objectClass=posixGroup. This objectClasses
won't be added
# by ADUC. So they won't be there automatically!)
filter  passwd  (objectClass=user)
filter  group   (objectClass=group)

# Attribut mappings (depending on your nslcd version, some might not be
# necessary or can cause errors and can/must be removed)
map     passwd  uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     group   member             member

# Kerberos
#sasl_mech GSSAPI
#sasl_realm CORP.OFLAMEO.COM
#krb5_ccname /tmp/nslcd.tkt

# The LDAP protocol version to use.
#ldap_version 3

# LDAP bind (Account in AD that is used from nslcd to bind to the directory)
binddn cn=ldap-connect,cn=Users,dc=corp,dc=oflameo,dc=com
bindpw icanread33#

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub

More information about the samba mailing list