Juan Asensio Sánchez wrote:
Hi
2010/5/3 Rich Megginson <rmeggins(a)redhat.com>
> We are having trouble since we have updated from version 1.1.3 to
> 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
> When we try to make "getent group", we only get one group and its
> members, but not the rest of the groups (should be more than 1000
> groups).
What platform? 32-bit or 64-bit?
How many groups? Do you only get this error when you attempt a search
to return this many groups?
"getent group" should return the local groups (that are shown fine) and
about 729 LDAP groups.
How many groups total? Roughly how many members? I'm trying to get
some idea about how many entries and how many bytes should be returned.
If I do the same search with the command ldapsearch,
ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ?
all groups and their attributes are returned. All 32 bits (client and
server), versions:
Server: CentOS release 5.4 (Final), Linux XXXXXXXXXXXXXXX
2.6.18-164.15.1.el5.centos.plusPAE #1 SMP Wed Mar 17 20:42:15 EDT 2010
i686 i686 i386 GNU/Linux
Client: CentOS release 5.4 (Final), Linux localhost.localdomain
2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386
GNU/Linux
When running "getent group", the file /var/log/messages throws these
errors:
May 3 12:36:50 localhost getent: nss_ldap: reconnected to LDAP server ldaps://XXXXXXXXX after 1 attempt
May 3 12:37:10 localhost getent: nss_ldap: could not get LDAP result - Timed out
The "Timed out" message is because the LDAP server has dropped the
connection when it receives "SSL peer reports incorrect Message
Authentication Code", and it happens (I think) after reading the entry of
the first group, so the rest of the groups are not shown.