LDAP problem (caused by permissions?)
Harry Hoffman
hhoffman at ip-solutions.net
Wed Sep 29 00:12:11 UTC 2004
Hi Mark,
Make sure that:
nss_base_* are uncommented (at least the ones you need) and make sure
that they have the proper suffixes (i.e. -> not dc=example,dc=com)
HTH,
Harry
>On Mon, 27 Sep 2004 14:58:23 -0700, Mark <msalists at gmx.net> wrote:
>
>
>>Hi,
>>
>>I have LDAP set up to do userid, groupid and password handling for me.
>>I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
>>Do I need to add LDAP to any others?
>>
>>The problem I have is the following:
>>I can log on with a user (for example bob) that is set up in the LDAP
>>directory and does not exist locally.
>>When bob logs in, there are error messages saying:
>>id: cannot find name for user ID 20002
>>id: cannot find name for group ID 20001
>>id: cannot find name for group ID 20003
>>id: cannot find name for group ID 20002
>>id: cannot find name for group ID 20000
>>
>>If bob does "finger bob" or "groups bob", it says no such user.
>>
>>If root does "finger bob" or "groups bob", everything comes up fine.
>>
>>Is this a permission problem that prevents users other than root from using
>>LDAP?
>>
>>I have the same setup on a different machine using the same LDAP server
>>where I do not have this problem.
>>When I log on as bob and do an ldapsearch on "uid=bob" or "cn=bobsgroup" I
>>get the same result as root gets for these queries, so the problem must be
>>the part that receives the LDAP result and does the user/group handling
>>accordingly.
>>
>>The 3 files I modified for this setup are ldap.conf, nsswitch.conf and
>>pam.d/system-auth. Is there any other file involved in this process?
>>
>>Thanks,
>>
>>MARK
>>
>>--
>>fedora-list mailing list
>>fedora-list at redhat.com
>>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>>
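
An added example, not part of the original thread and not code from nss_ldap: a shell check for the nss_base_* points in the reply above, run against an nss_ldap-style ldap.conf. The function names, the sample file and its dc=corp,dc=test suffix are constructed for illustration; the read-permission check is an added assumption about the root-only symptom described in the question.

```shell
#!/bin/sh
# Added example. Audits an nss_ldap-style ldap.conf for the nss_base_* points above.

# Prints one finding per line; returns the number of problems (64 if the file is missing).
check_nss_ldap_conf() {
    conf=$1
    problems=0
    [ -f "$conf" ] || { echo "MISSING $conf"; return 64; }

    # Assumption: nss_ldap runs inside the calling process, so a non-root
    # user needs read access to the file for name lookups to work.
    if [ "$(ls -ld "$conf" | cut -c8)" != "r" ]; then
        echo "PERM $conf is not readable by other users"
        problems=$((problems + 1))
    fi

    # The three maps listed in nsswitch.conf in the thread.
    for map in passwd shadow group; do
        # First uncommented nss_base_<map> line; the search base is field 2.
        value=$(awk -v k="nss_base_$map" '$1 == k { print $2; exit }' "$conf")
        if [ -z "$value" ]; then
            echo "UNSET nss_base_$map is commented out or absent"
            problems=$((problems + 1))
        elif printf '%s\n' "$value" | grep -qi 'dc=example,dc=com'; then
            echo "PLACEHOLDER nss_base_$map still uses $value"
            problems=$((problems + 1))
        else
            echo "OK nss_base_$map $value"
        fi
    done
    return "$problems"
}

# Constructed sample config (not from the thread); dc=corp,dc=test is made up.
make_sample_conf() {
    cat > "$1" <<'EOF'
host ldap.corp.test
base dc=corp,dc=test
#nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group  ou=Group,dc=corp,dc=test?one
EOF
}

sample=$(mktemp) && make_sample_conf "$sample" && chmod 644 "$sample"
check_nss_ldap_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real host, call `check_nss_ldap_conf /etc/ldap.conf` as the affected non-root user and compare the output with the machine where lookups work.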