Re: Issue with users and groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Nalin,
Thanks for the info. I checked /etc/pam_ldap.conf and /etc/nslcd.conf , see below. They seem to be configure correctly but still no joy. Nslcd wasn't running, so I have started it and set chkconfig to on.

/etc/pam_ldap.conf :
uri ldaps://ukdc1v-dldap04.sf4u.com/
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/sf4u_CA.crt
pam_password md5

/etc/nslcd.conf :
uid nslcd
gid ldap
# This comment prevents repeated auto-migration of settings.
uri ldaps://ukdc1v-dldap04.sf4u.com/
base dc=sf4u,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/ssl/sf4u_CA.crt
"/etc/nslcd.conf" 135L, 4339C

/etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/sf4u_CA.crt
URI ldaps://ukdc1v-dldap04.sf4u.com/
BASE dc=sf4u,dc=com


-----Original Message-----
From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nalin Dahyabhai
Sent: 10 June 2013 17:29
To: General discussion list for the 389 Directory server project.
Subject: Re:  Issue with users and groups

On Fri, Jun 07, 2013 at 05:24:19PM +0000, Andy Spooner wrote:
> Hi
> I have created test users and a group in 389-ds but they do not appear on my test server when I run getent passwd or getent group.  Is it possible to provide me with a pointer and how to resolve this issue?
> 
> My test configuration is:
> 
> *         389-ds ldap and a test linux server
> 
> *         O/S Rehat 6.4 on all servers
> 
> *         SSL enabled. Tested and working
> In the outputs below I  have replaced the domain name with <myDomain> 
> and certificate details with myCert
> 
> Ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/myCert.crt URI 
> ldaps://ukdc1v-dldap04.<myDoman>.com/
> BASE dc=<myDomain>,dc=com

       

6.x uses the nslcd daemon (in the nss-pam-ldapd package) for looking up nsswitch information and pam_ldap (in the pam_ldap package) for checking and changing passwords.

The nslcd daemon consults /etc/nslcd.conf, and pam_ldap is configured to look at /etc/pam_ldap.conf, so if you've only got your configuration in /etc/ldap.conf, you'll need to add it to the other files.  And then make sure that nslcd is started.

HTH,

Nalin
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux