Hi Vesa,

Configured sssd as on your website, but still the same problem. I must have done something very basic wrong. Also check the response from Nalin.

-----Original Message-----
From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Vesa Alho
Sent: 10 June 2013 14:01
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Issue with users and groups

Use sssd with clients to connect 389-ds, one guide here:

http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html

sssd is the preferred way currently.

-Vesa

On 06/10/2013 03:56 PM, Andy Spooner wrote:
> Any thoughts as to why my server is not picking up users and
> groups from 389-ds?
>
> Are there any test tools I can use to troubleshoot the problem?
>
> *From:* 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx
> [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] *On Behalf Of* Andy
> Spooner
> *Sent:* 07 June 2013 18:24
> *To:* 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> *Subject:* Issue with users and groups
>
> Hi
>
> I have created test users and a group in 389-ds but they do not appear
> on my test server when I run getent passwd or getent group. Is it
> possible to provide me with a pointer and how to resolve this issue?
>
> My test configuration is:
>
> · 389-ds ldap and a test linux server
> · O/S Red Hat 6.4 on all servers
> · SSL enabled.
> Tested and working
>
> In the outputs below I have replaced the domain name with <myDomain>
> and certificate details with myCert
>
> Ldap.conf
>
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/myCert.crt
> URI ldaps://ukdc1v-dldap04.<myDoman>.com/
> BASE dc=<myDomain>,dc=com
>
> Output from getent group does not display test group Portal 1 (posix
> group :1010)
>
> root:x:0:
> bin:x:1:bin,daemon
> daemon:x:2:bin,daemon
> sys:x:3:bin,adm
> adm:x:4:adm,daemon
> tty:x:5:
> disk:x:6:
> lp:x:7:daemon
> mem:x:8:
> kmem:x:9:
> wheel:x:10:
> mail:x:12:mail,postfix
> uucp:x:14:
> man:x:15:
> games:x:20:
> gopher:x:30:
> video:x:39:
> dip:x:40:
> ftp:x:50:
> lock:x:54:
> audio:x:63:
> nobody:x:99:
> users:x:100:
> dbus:x:81:
> utmp:x:22:
> utempter:x:35:
> avahi-autoipd:x:170:
> desktop_admin_r:x:499:
> desktop_user_r:x:498:
> floppy:x:19:
> vcsa:x:69:
> rpc:x:32:
> rtkit:x:497:
> abrt:x:173:
> cdrom:x:11:
> tape:x:33:
> dialout:x:18:
> cgred:x:496:
> haldaemon:x:68:haldaemon
> ntp:x:38:
> saslauth:x:76:
> postdrop:x:90:
> postfix:x:89:
> avahi:x:70:
> rpcuser:x:29:
> nfsnobody:x:65534:
> pulse:x:495:
> pulse-access:x:494:
> fuse:x:493:
> gdm:x:42:
> stapusr:x:156:
> stapsys:x:157:
> stapdev:x:158:
> sshd:x:74:
> tcpdump:x:72:
> oprofile:x:16:
> slocate:x:21:
> andy:x:500:
> wbpriv:x:88:
> nscd:x:28:
> ldap:x:55:
>
> ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts provides
> the following output:
>
> mingContexts
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: namingContexts
> #
>
> ldapsearch -x provides the output below:
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=<myDomain>,dc=com> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # <myDomain>.com
> dn: dc=<myDomain>,dc=com
> objectClass: top
> objectClass: domain
> dc: <myDomain>
>
> # Directory Administrators, <myDomain>.com
> dn: cn=Directory Administrators,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
> uniqueMember: cn=Directory Manager
>
> # Groups, <myDomain>.com
> dn: ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>
> # People, <myDomain>.com
> dn: ou=People,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalunit
> ou: People
>
> # Special Users, <myDomain>.com
> dn: ou=Special Users,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalUnit
> ou: Special Users
> description: Special Administrative Accounts
>
> # Accounting Managers, Groups, <myDomain>.com
> dn: cn=Accounting Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> objectClass: posixgroup
> cn: Accounting Managers
> ou: groups
> description: People who can manage accounting entries
> uniqueMember: cn=Directory Manager
> uniqueMember: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
> gidNumber: 1001
>
> # HR Managers, Groups, <myDomain>.com
> dn: cn=HR Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: HR Managers
> ou: groups
> description: People who can manage HR entries
> uniqueMember: cn=Directory Manager
>
> # QA Managers, Groups, <myDomain>.com
> dn: cn=QA Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: QA Managers
> ou: groups
> description: People who can manage QA entries
> uniqueMember: cn=Directory Manager
>
> # PD Managers, Groups, <myDomain>.com
> dn: cn=PD Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
> uniqueMember: cn=Directory Manager
>
> # ASpooner, People, <myDomain>.com
> dn: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
> givenName: Test
> sn: User2
> uidNumber: 1001
> gidNumber: 1001
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: tuser2
> cn: test user2
> homeDirectory: /home/testuser2
>
> # Portal 1, Groups, <myDomain>.com
> dn: cn=Portal 1,ou=Groups,dc=<myDomain>,dc=com
> gidNumber: 1010
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> cn: Portal 1
> description:: VGVzdCBwb3J0YWwg
>
> # testuser3, People, <myDomain>.com
> dn: uid=testuser3,ou=People,dc=<myDomain>,dc=com
> givenName: Test
> sn: User3
> loginShell: /bin/bash
> gidNumber: 1010
> uidNumber: 1010
> mail: user3@xxxxxxxxx
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: testuser3
> cn: Test User3
> homeDirectory: /home/tuser3
> gecos: User 3
>
> # nsAccountInactivationTmp, <myDomain>.com
> dn: cn=nsAccountInactivationTmp,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: nscontainer
> cn: nsAccountInactivationTmp
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 14
> # numEntries: 13
>
> dn:
> namingContexts: dc=<myDomain,dc=com
> namingContexts: o=netscaperoot
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> Kind regards
>
> Andy
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users