User accounts caching somewhere, but where?

Kevin Fries Kevin at hcico.com
Thu Jan 27 21:41:18 UTC 2005



I think I have some data caching, but I am unsure where.  All the source
locations for user accounts all appear to be correct, but the system is
holding on to old information...  Out of ideas, anyone else seen this?

2 users: MMH and JZP.  MMH is no longer employed here and was replaced
by JZP.

On our internal server:
  - FC2
  - System accounts in passwd/shadow
  - User accounts in Open LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd:     files ldap

  # grep ^shadow /etc/nsswitch.conf
  shadow:     files ldap

  # grep ^host /etc/ldap.conf
  host 127.0.0.1

  # grep ^MMH /etc/passwd

  # grep ^JZP /etc/passwd

  # getent passwd MMH

  # getent passwd JZP
  JZP:x:<user data>
----------

This is perfect, the ex-employee is gone, the new employee is in place.
Exactly as it should be.

Now our mail server:
  - FC3
  - System accounts in passwd/shadow
  - User accounts (mail/ftp/etc) in LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd:     files ldap

  # grep ^shadow /etc/nsswitch.conf
  shadow:     files ldap

  # grep ^host /etc/ldap.conf
  host localhost, 192.168.254.22

  # grep ^MMH /etc/passwd

  # grep ^JZP /etc/passwd

  # getent passwd MMH
  MMH:x:<user information for ex-employee>

  # getent passwd JZP

----------

The only difference other than the result is the host line in
/etc/ldap.conf.  192.168.254.22 is the IP of the other server, but that
server is used only in failover.  It will try to use the local cached
copy first.  So, my next diagnostic was pointed at the LDAP server.

Internal Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid

  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

Mail Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid

  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

  # ldapsearch -x -LLL -h 192.168.254.22 uid=MMH uid

  # ldapsearch -x -LLL -h 192.168.254.22 uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

OK, anybody have any idea where the Mail server is getting the incorrect
user account data from?  If you want to see even more fun, I can ask
getent for the entire passwd user database, and it will show me both
local and LDAP accounts.  If I grep the results for MMH, it will tell me
there is none.  However, if I enter MMH in as the key to search for, it
finds it despite not being in the list.  JZP acts the same way in reverse.

Mail Server:
  # getent passwd | grep MMH

  # getent passwd MMH
  MMH:x:<user info>

  # getent passwd | grep JZP
  JZP:x:<again obscured>

  # getent passwd JZP

  # getent passwd | grep root
  root:x:<obscured>
  operator:x:<obscured>

  # getent passwd | grep kevin
  kevin:x:<obscured>

How is this even possible????

The same thing is happening with the groups.  MMH is still showing up in
groups, JZP is not, even though all the source locations have JZP, not MMH,
stored as data.

Where the heck is this old data coming from?  Any clues?

--
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033    FAX: (303) 969-8357
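The hand-run comparison in the post (enumerate the whole database with getent, then look the same name up by key) can be turned into a small check that reports exactly the disagreement described above. The script below is an added example, not part of the original message or of the PADL tools; the user names and the passwd lines in its comments are constructed. The split it looks for is meaningful because, on glibc systems, a name-service cache daemon such as nscd serves keyed lookups (getpwnam, getgrnam) from its cache but does not serve enumeration (getpwent), so an account that resolves by name while being absent from `getent passwd` is the signature of a stale cache sitting between libc and the files/ldap backends. The post does not say whether nscd is running on the mail server; that is the assumption the usage note makes.

```shell
#!/bin/sh
# Added example (not from the original post): compare NSS enumeration with
# keyed lookups for a set of names and classify each result.

# nss_verdict NAME ENUM_OUTPUT KEYED_OUTPUT
#   ENUM_OUTPUT  is the text of `getent DB`      (whole database)
#   KEYED_OUTPUT is the text of `getent DB NAME` (single keyed lookup)
# Prints one word and always returns 0:
#   consistent  - present in both, or absent from both
#   keyed-only  - resolves by name but is missing from enumeration
#                 (what the post sees for MMH: stale-cache suspect)
#   enum-only   - listed by enumeration but does not resolve by name
#                 (what the post sees for JZP)
nss_verdict() {
    name=$1
    enum_hit=0
    keyed_hit=0
    # Match on the first colon-separated field only, so "kevin" does not
    # match "kevinsmith" and names are never treated as regexes.
    printf '%s\n' "$2" | awk -F: -v n="$name" '$1 == n { f = 1 } END { exit f ? 0 : 1 }' \
        && enum_hit=1
    printf '%s\n' "$3" | awk -F: -v n="$name" '$1 == n { f = 1 } END { exit f ? 0 : 1 }' \
        && keyed_hit=1
    if [ "$enum_hit" -eq "$keyed_hit" ]; then
        echo consistent
    elif [ "$keyed_hit" -eq 1 ]; then
        echo keyed-only
    else
        echo enum-only
    fi
}

# check_db DB NAME...
# Runs the live comparison against the running NSS stack for database DB
# ("passwd" or "group") and prints one line per name.
check_db() {
    db=$1
    shift
    enum_out=$(getent "$db" 2>/dev/null || true)
    for n in "$@"; do
        keyed_out=$(getent "$db" "$n" 2>/dev/null || true)
        printf '%s %s: %s\n' "$db" "$n" "$(nss_verdict "$n" "$enum_out" "$keyed_out")"
    done
}

# Usage: ./nss-check.sh MMH JZP
# Checks both the passwd and the group database, as the post reports the
# same symptom for groups.
if [ "$#" -gt 0 ]; then
    check_db passwd "$@"
    check_db group "$@"
fi
```

Any `keyed-only` or `enum-only` line means the two lookup paths disagree, which `files` and `ldap` alone cannot produce. Assuming nscd is the cache in play, `nscd -i passwd` and `nscd -i group` invalidate its tables, and /etc/nscd.conf controls the positive and negative time-to-live for each database; rerunning the script afterwards should then report `consistent` for every name.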



