[389-users] Issue with users and groups

Andy Spooner andy.spooner at sf4u.com
Mon Jun 10 18:04:30 UTC 2013

Hi Nalin,
Thanks for the info. I checked /etc/pam_ldap.conf and /etc/nslcd.conf , see below. They seem to be configure correctly but still no joy. Nslcd wasn't running, so I have started it and set chkconfig to on.

/etc/pam_ldap.conf :
uri ldaps://ukdc1v-dldap04.sf4u.com/
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/sf4u_CA.crt
pam_password md5

/etc/nslcd.conf :
uid nslcd
gid ldap
# This comment prevents repeated auto-migration of settings.
uri ldaps://ukdc1v-dldap04.sf4u.com/
base dc=sf4u,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/ssl/sf4u_CA.crt
"/etc/nslcd.conf" 135L, 4339C

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/sf4u_CA.crt
URI ldaps://ukdc1v-dldap04.sf4u.com/
BASE dc=sf4u,dc=com

-----Original Message-----
From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Nalin Dahyabhai
Sent: 10 June 2013 17:29
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Issue with users and groups

On Fri, Jun 07, 2013 at 05:24:19PM +0000, Andy Spooner wrote:
> Hi
> I have created test users and a group in 389-ds but they do not appear on my test server when I run getent passwd or getent group.  Is it possible to provide me with a pointer and how to resolve this issue?
> My test configuration is:
> *         389-ds ldap and a test linux server
> *         O/S Rehat 6.4 on all servers
> *         SSL enabled. Tested and working
> In the outputs below I  have replaced the domain name with <myDomain> 
> and certificate details with myCert
> Ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/myCert.crt URI 
> ldaps://ukdc1v-dldap04.<myDoman>.com/
> BASE dc=<myDomain>,dc=com


6.x uses the nslcd daemon (in the nss-pam-ldapd package) for looking up nsswitch information and pam_ldap (in the pam_ldap package) for checking and changing passwords.

The nslcd daemon consults /etc/nslcd.conf, and pam_ldap is configured to look at /etc/pam_ldap.conf, so if you've only got your configuration in /etc/ldap.conf, you'll need to add it to the other files.  And then make sure that nslcd is started.


389 users mailing list
389-users at lists.fedoraproject.org

More information about the 389-users mailing list