Hi

2010/5/3 Rich Megginson <rmeggins@redhat.com>
> > We are having trouble since we have updated from version 1.1.3 to
> > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
> > When we try to make "getent group", we only get one group and its
> > members, but not the rest of the groups (should be more than 1000 groups).
> What platform?  32-bit or 64-bit?
> How many groups?  Do you only get this error when you attempt a search
> to return this many groups?

"getent group" should return the local groups (that are shown fine) and about 729 LDAP groups. If I do the same search with the command ldapsearch, all groups and their attributes are returned. All 32 bits (client and server), versions:

Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX 2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010 i686 i686 i386 GNU/Linux
Client: CentOS release 5.4 (Final), Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux

When running "getent group", the file /var/log/messages throws these errors:

May  3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server ldaps://XXXXXXXXX after 1 attempt
May  3 12:37:10 localhost getent: nss_ldap: could not get LDAP result - Timed out

The "Timed out" message is because the LDAP server has dropped the connection when it receives "SSL peer reports incorrect Message Authentication Code", and it happens (I think) after reading the entry of the first group, so the rest of the groups are not shown.