Re: Issue with users and groups

Andy Spooner <andy.spooner@xxxxxxxx> · Mon, 10 Jun 2013 12:56:21 +0000

Any thoughts as to why the my server is not picking up users and groups from 389-ds?

Are there any test tools I can use to troubleshoot the problem?

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx
 [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Andy Spooner

Sent: 07 June 2013 18:24

To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx

Subject:  Issue with users and groups

Hi 
I have created test users and a group in 389-ds but they do not appear on my test server when I run getent passwd or getent group.  Is it possible to provide me with a pointer and how to resolve this issue?

My test configuration is:
·        
389-ds ldap and a test linux server
·        
O/S Rehat 6.4 on all servers
·        
SSL enabled. Tested and working  
In the outputs below I  have replaced the domain name with <myDomain> and certificate details with myCert

Ldap.conf 
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/myCert.crt
URI ldaps://ukdc1v-dldap04.<myDoman>.com/
BASE dc=<myDomain>,dc=com

Output from getent group does not display test group Portal 1 (posix group :1010)
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
dbus:x:81:
utmp:x:22:
utempter:x:35:
avahi-autoipd:x:170:
desktop_admin_r:x:499:
desktop_user_r:x:498:
floppy:x:19:
vcsa:x:69:
rpc:x:32:
rtkit:x:497:
abrt:x:173:
cdrom:x:11:
tape:x:33:
dialout:x:18:
cgred:x:496:
haldaemon:x:68:haldaemon
ntp:x:38:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
avahi:x:70:
rpcuser:x:29:
nfsnobody:x:65534:
pulse:x:495:
pulse-access:x:494:
fuse:x:493:
gdm:x:42:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
andy:x:500:
wbpriv:x:88:
nscd:x:28:
ldap:x:55:

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts provides the following output:
mingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

ldapsearch –x provides the output below:
# extended LDIF
#
# LDAPv3
# base <dc=<myDomain>,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# <myDomain>.com
dn: dc=<myDomain>,dc=com
objectClass: top
objectClass: domain
dc: <myDomain>

# Directory Administrators, <myDomain>.com
dn: cn=Directory Administrators,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, <myDomain>.com
dn: ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, <myDomain>.com
dn: ou=People,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, <myDomain>.com
dn: ou=Special Users,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

# Accounting Managers, Groups, <myDomain>.com
dn: cn=Accounting Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
objectClass: posixgroup
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager
uniqueMember: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
gidNumber: 1001

# HR Managers, Groups, <myDomain>.com
dn: cn=HR Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, <myDomain>.com
dn: cn=QA Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, <myDomain>.com
dn: cn=PD Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# ASpooner, People, <myDomain>.com
dn: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
givenName: Test
sn: User2
uidNumber: 1001
gidNumber: 1001
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: tuser2
cn: test user2
homeDirectory: /home/testuser2

# Portal 1, Groups, <myDomain>.com
dn: cn=Portal 1,ou=Groups,dc=<myDomain>,dc=com
gidNumber: 1010
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: Portal 1
description:: VGVzdCBwb3J0YWwg

# testuser3, People, <myDomain>.com
dn: uid=testuser3,ou=People,dc=<myDomain>,dc=com
givenName: Test
sn: User3
loginShell: /bin/bash
gidNumber: 1010
uidNumber: 1010
mail: user3@xxxxxxxxx
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: testuser3
cn: Test User3
homeDirectory: /home/tuser3
gecos: User 3

# nsAccountInactivationTmp, <myDomain>.com
dn: cn=nsAccountInactivationTmp,dc=<myDomain>,dc=com
objectClass: top
objectClass: nscontainer
cn: nsAccountInactivationTmp

# search result
search: 2
result: 0 Success

# numResponses: 14
# numEntries: 13

dn:
namingContexts: dc=<myDomain,dc=com
namingContexts: o=netscaperoot

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Kind regards
Andy

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users