Hi Nalin,

Thanks for the info. I checked /etc/pam_ldap.conf and /etc/nslcd.conf, see below. They seem to be configured correctly but still no joy. Nslcd wasn't running, so I have started it and set chkconfig to on.

/etc/pam_ldap.conf:

    uri ldaps://ukdc1v-dldap04.sf4u.com/
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    tls_cacertfile /etc/openldap/cacerts/sf4u_CA.crt
    pam_password md5

/etc/nslcd.conf:

    uid nslcd
    gid ldap
    # This comment prevents repeated auto-migration of settings.
    uri ldaps://ukdc1v-dldap04.sf4u.com/
    base dc=sf4u,dc=com
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    tls_cacertfile /etc/ssl/sf4u_CA.crt
    "/etc/nslcd.conf" 135L, 4339C

/etc/openldap/ldap.conf:

    TLS_CACERTDIR /etc/openldap/cacerts
    TLS_CACERT /etc/openldap/cacerts/sf4u_CA.crt
    URI ldaps://ukdc1v-dldap04.sf4u.com/
    BASE dc=sf4u,dc=com

-----Original Message-----
From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nalin Dahyabhai
Sent: 10 June 2013 17:29
To: General discussion list for the 389 Directory server project.
Subject: Re: Issue with users and groups

On Fri, Jun 07, 2013 at 05:24:19PM +0000, Andy Spooner wrote:
> Hi
> I have created test users and a group in 389-ds but they do not appear on my test server when I run getent passwd or getent group. Is it possible to provide me with a pointer and how to resolve this issue?
>
> My test configuration is:
>
> * 389-ds ldap and a test linux server
>
> * O/S Red Hat 6.4 on all servers
>
> * SSL enabled. Tested and working
> In the outputs below I have replaced the domain name with <myDomain>
> and certificate details with myCert
>
> Ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/myCert.crt
> URI ldaps://ukdc1v-dldap04.<myDoman>.com/
> BASE dc=<myDomain>,dc=com

6.x uses the nslcd daemon (in the nss-pam-ldapd package) for looking up nsswitch information and pam_ldap (in the pam_ldap package) for checking and changing passwords.

The nslcd daemon consults /etc/nslcd.conf, and pam_ldap is configured to look at /etc/pam_ldap.conf, so if you've only got your configuration in /etc/ldap.conf, you'll need to add it to the other files. And then make sure that nslcd is started.

HTH,

Nalin
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
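
Because nslcd and pam_ldap each read their own file, as the reply above explains, each file carries its own copy of the URI, base and CA certificate settings. The following is an added example, not part of the thread: a shell check that reports settings missing from a file or differing between files. The function names are hypothetical, and the sample files with their example.com values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare the LDAP client settings that
# ldap.conf, pam_ldap.conf and nslcd.conf each carry independently.

# get_opt FILE KEY [ALT_KEY]: print the value of the first non-comment line
# whose keyword matches KEY or ALT_KEY, case-insensitively.
get_opt() {
    awk -v k1="$2" -v k2="${3:-$2}" '
        /^[ \t]*#/ { next }
        tolower($1) == k1 || tolower($1) == k2 {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# check_ldap_client FILE...: report settings that are missing from a file or
# differ from the first file that defines them. Returns 1 on any finding.
check_ldap_client() {
    rc=0
    for key in uri base tls_cacertfile; do
        alt=$key
        # ldap.conf spells the CA file option TLS_CACERT
        [ "$key" = tls_cacertfile ] && alt=tls_cacert
        ref=
        for f in "$@"; do
            val=$(get_opt "$f" "$key" "$alt")
            if [ -z "$val" ]; then
                echo "MISSING  $key in $f"; rc=1
            elif [ -z "$ref" ]; then
                ref=$val
            elif [ "$val" != "$ref" ]; then
                echo "MISMATCH $key in $f: '$val' (first seen '$ref')"; rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample files (example.com values, not the poster's systems).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'URI ldaps://ldap.example.com/' 'BASE dc=example,dc=com' \
    'TLS_CACERT /etc/openldap/cacerts/ca.crt' > "$demo/ldap.conf"
printf '%s\n' 'uri ldaps://ldap.example.com/' \
    'tls_cacertfile /etc/openldap/cacerts/ca.crt' > "$demo/pam_ldap.conf"
printf '%s\n' 'uid nslcd' 'uri ldaps://ldap.example.com/' \
    'base dc=example,dc=com' 'tls_cacertfile /etc/ssl/ca.crt' > "$demo/nslcd.conf"

check_ldap_client "$demo/ldap.conf" "$demo/pam_ldap.conf" "$demo/nslcd.conf" \
    || echo "findings above need review"
```

On a client, pass it /etc/openldap/ldap.conf, /etc/pam_ldap.conf and /etc/nslcd.conf in that order; the first file that defines a setting is treated as the reference.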