LDAP problem (caused by permissions?)

Mark msalists at gmx.net
Mon Sep 27 21:58:23 UTC 2004


Hi,

I have LDAP setup to do userid, groupid and password handling for me.
I added "ldap" to 3 categories in nsswitch: passwd, shadow and group.
Do I need to add LDAP to any others?

The problem I have is the following:
I can logon with a user (for example bob) that is setup in the LDAP
directory and does not exist locally.
When bob logs in, there are error messages saying:
id: cannot find name for user ID 20002
id: cannot find name for group ID 20001
id: cannot find name for group ID 20003
id: cannot find name for group ID 20002
id: cannot find name for group ID 20000

If bob does "finger bob" or "groups bob", it says no such user.

If root does "finger bob" or "groups bob", everything comes up fine.

Is this a permission problem that prevents users other than root from using
LDAP?

I have the same setup on a different machine using the same LDAP server
where I do not have this problem. 
When I logon as bob and do an ldapsearch on "uid=bob" or "cn=bobsgroup" I
get the same result as root gets for these queries, so the problem must be
the part that receives the LDAP result and does the user/group handling
accordingly.

The 3 files I modified for this setup are ldap.conf, nsswitch.conf and
pam.d/system-auth. Is there any other file involved in this process?

Thanks,

MARK
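An added example (not part of the original post) that checks the two things the post separates: which nsswitch.conf databases are routed to the ldap source, and whether the client configuration that nss_ldap reads is readable by a non-root user. The nsswitch.conf text and the file paths below are constructed stand-ins; that /etc/ldap.conf (mode 0644) and /etc/ldap.secret (mode 0600) are the files involved is an assumption.

```python
"""Check which NSS databases consult the ldap source and whether the
client config those lookups need is readable by unprivileged users."""
import os
import stat
import tempfile

# Constructed sample nsswitch.conf mirroring the three databases in the post.
SAMPLE_NSSWITCH = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
netgroup:   files     # no ldap here
"""


def ldap_databases(text):
    """Return the NSS databases whose source list includes 'ldap'."""
    dbs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        name, sources = line.split(":", 1)
        if "ldap" in sources.split():
            dbs.append(name.strip())
    return dbs


def world_readable(path):
    """True if the file mode grants read to 'other', i.e. a non-root
    process doing an NSS lookup can open it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def check_client_config(paths):
    """Map each existing config path to whether non-root users can read it."""
    return {p: world_readable(p) for p in paths if os.path.exists(p)}


def demo():
    # Constructed stand-ins: ldap.conf as 0644, ldap.secret as 0600 (assumed modes).
    d = tempfile.mkdtemp()
    conf, secret = os.path.join(d, "ldap.conf"), os.path.join(d, "ldap.secret")
    for path, mode in ((conf, 0o644), (secret, 0o600)):
        with open(path, "w") as f:
            f.write("# constructed placeholder\n")
        os.chmod(path, mode)
    return ldap_databases(SAMPLE_NSSWITCH), check_client_config([conf, secret])
```

Running `demo()` on a real system would be replaced by pointing `check_client_config` at the actual paths; a file that root can read but `other` cannot is exactly the asymmetry the post describes between root and bob.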
