<div class="gmail_quote">Hi<br><br>2010/5/3 Rich Megginson <span dir="ltr">&lt;<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>> We are having trouble since we have updated from version 1.1.3 to<br>
> 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.<br>
> When we try to make "getent group", we only get one group and its<br>
> members, but not the rest of the groups (should be more than 1000 groups).<br>
</div>What platform? 32-bit or 64-bit?<br>
How many groups? Do you only get this error when you attempt a search<br>
to return this many groups?<br></blockquote><div><br>"getent group" should return the local groups (that are shown fine) and about 729 LDAP groups. If I do the same search with the command ldapsearch, all groups and their attributes are returned. All 32 bits (client and server), versions:<br>
<br>Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX 2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010 i686 i686 i386 GNU/Linux<br>Client: CentOS release 5.4 (Final), Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux <br>
<br>When running "getent group", the file /var/log/messages throws these errors:<br><br>May 3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server ldaps://XXXXXXXXX after 1 attempt<br>May 3 12:37:10 localhost getent: nss_ldap: could not get LDAP result - Timed out<br>
<br>The "Timed out" message is because the LDAP server has dropped the connection when it receives "SSL peer reports incorrect Message Authentication Code", and it happens (I think) after reading the entry of the first group, so the rest of the groups are not shown.<br>
<br>
<br></div></div>