[389-users] Issue with users and groups

Andy Spooner andy.spooner at sf4u.com
Mon Jun 10 18:04:17 UTC 2013


Hi Vesa,
Configured sssd as on your website, but still the same problem. I must have done something very basic wrong. Also check the response from Nalin.

-----Original Message-----
From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Vesa Alho
Sent: 10 June 2013 14:01
To: 389-users at lists.fedoraproject.org
Subject: Re: [389-users] Issue with users and groups

Use sssd with clients to connect 389-ds, one guide here:

http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html

sssd is the preferred way currently.

-Vesa


On 06/10/2013 03:56 PM, Andy Spooner wrote:
> Any thoughts as to why my server is not picking up users and
> groups from 389-ds?
>
> Are there any test tools I can use to troubleshoot the problem?
>
> *From:*389-users-bounces at lists.fedoraproject.org
> [mailto:389-users-bounces at lists.fedoraproject.org] *On Behalf Of *Andy 
> Spooner
> *Sent:* 07 June 2013 18:24
> *To:* 389-users at lists.fedoraproject.org
> *Subject:* [389-users] Issue with users and groups
>
> Hi
>
> I have created test users and a group in 389-ds but they do not appear 
> on my test server when I run getent passwd or getent group.  Is it 
> possible to provide me with a pointer and how to resolve this issue?
>
> My test configuration is:
>
> · 389-ds ldap and a test linux server
> · O/S Red Hat 6.4 on all servers
> · SSL enabled. Tested and working
>
> In the outputs below I  have replaced the domain name with <myDomain> 
> and certificate details with myCert
>
> Ldap.conf
>
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/myCert.crt
> URI ldaps://ukdc1v-dldap04.<myDoman>.com/
> BASE dc=<myDomain>,dc=com
>
> Output from getent group does not display test group Portal 1 (posix 
> group :1010)
>
> root:x:0:
> bin:x:1:bin,daemon
> daemon:x:2:bin,daemon
> sys:x:3:bin,adm
> adm:x:4:adm,daemon
> tty:x:5:
> disk:x:6:
> lp:x:7:daemon
> mem:x:8:
> kmem:x:9:
> wheel:x:10:
> mail:x:12:mail,postfix
> uucp:x:14:
> man:x:15:
> games:x:20:
> gopher:x:30:
> video:x:39:
> dip:x:40:
> ftp:x:50:
> lock:x:54:
> audio:x:63:
> nobody:x:99:
> users:x:100:
> dbus:x:81:
> utmp:x:22:
> utempter:x:35:
> avahi-autoipd:x:170:
> desktop_admin_r:x:499:
> desktop_user_r:x:498:
> floppy:x:19:
> vcsa:x:69:
> rpc:x:32:
> rtkit:x:497:
> abrt:x:173:
> cdrom:x:11:
> tape:x:33:
> dialout:x:18:
> cgred:x:496:
> haldaemon:x:68:haldaemon
> ntp:x:38:
> saslauth:x:76:
> postdrop:x:90:
> postfix:x:89:
> avahi:x:70:
> rpcuser:x:29:
> nfsnobody:x:65534:
> pulse:x:495:
> pulse-access:x:494:
> fuse:x:493:
> gdm:x:42:
> stapusr:x:156:
> stapsys:x:157:
> stapdev:x:158:
> sshd:x:74:
> tcpdump:x:72:
> oprofile:x:16:
> slocate:x:21:
> andy:x:500:
> wbpriv:x:88:
> nscd:x:28:
> ldap:x:55:
>
> ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts provides 
> the following output:
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: namingContexts
> #
>
> ldapsearch -x provides the output below:
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=<myDomain>,dc=com> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # <myDomain>.com
> dn: dc=<myDomain>,dc=com
> objectClass: top
> objectClass: domain
> dc: <myDomain>
>
> # Directory Administrators, <myDomain>.com
> dn: cn=Directory Administrators,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
> uniqueMember: cn=Directory Manager
>
> # Groups, <myDomain>.com
> dn: ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>
> # People, <myDomain>.com
> dn: ou=People,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalunit
> ou: People
>
> # Special Users, <myDomain>.com
> dn: ou=Special Users,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: organizationalUnit
> ou: Special Users
> description: Special Administrative Accounts
>
> # Accounting Managers, Groups, <myDomain>.com
> dn: cn=Accounting Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> objectClass: posixgroup
> cn: Accounting Managers
> ou: groups
> description: People who can manage accounting entries
> uniqueMember: cn=Directory Manager
> uniqueMember: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
> gidNumber: 1001
>
> # HR Managers, Groups, <myDomain>.com
> dn: cn=HR Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: HR Managers
> ou: groups
> description: People who can manage HR entries
> uniqueMember: cn=Directory Manager
>
> # QA Managers, Groups, <myDomain>.com
> dn: cn=QA Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: QA Managers
> ou: groups
> description: People who can manage QA entries
> uniqueMember: cn=Directory Manager
>
> # PD Managers, Groups, <myDomain>.com
> dn: cn=PD Managers,ou=Groups,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
> uniqueMember: cn=Directory Manager
>
> # ASpooner, People, <myDomain>.com
> dn: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
> givenName: Test
> sn: User2
> uidNumber: 1001
> gidNumber: 1001
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: tuser2
> cn: test user2
> homeDirectory: /home/testuser2
>
> # Portal 1, Groups, <myDomain>.com
> dn: cn=Portal 1,ou=Groups,dc=<myDomain>,dc=com
> gidNumber: 1010
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> cn: Portal 1
> description:: VGVzdCBwb3J0YWwg
>
> # testuser3, People, <myDomain>.com
> dn: uid=testuser3,ou=People,dc=<myDomain>,dc=com
> givenName: Test
> sn: User3
> loginShell: /bin/bash
> gidNumber: 1010
> uidNumber: 1010
> mail: user3 at yahoo.com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: testuser3
> cn: Test User3
> homeDirectory: /home/tuser3
> gecos: User 3
>
> # nsAccountInactivationTmp, <myDomain>.com
> dn: cn=nsAccountInactivationTmp,dc=<myDomain>,dc=com
> objectClass: top
> objectClass: nscontainer
> cn: nsAccountInactivationTmp
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 14
> # numEntries: 13
>
> dn:
> namingContexts: dc=<myDomain,dc=com
> namingContexts: o=netscaperoot
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> Kind regards
>
> Andy
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
