Found it.

It turns out that the config file for libnss-ldap is /etc/libnss-ldap.conf on my distro (Debian). So NSS was ignoring the config that I had been in /etc/ldap/ldap.conf and taking it from /etc/libnss-ldap.conf.

The former had this "nss_base_group ou=Groups,dc=example,dc=co,dc=uk?sub" and the latter this nss_base_group ou=group,dc=example,dc=co,dc=uk?one. Once I edited group to Groups, it started working.

Package: libnss-ldap
Priority: extra
Section: net
Installed-Size: 304
Maintainer: Richard A Nelson (Rick) <...>
Architecture: amd64
Version: 261-2.1
Depends: libc6 (>= 2.7-1), libcomerr2 (>= 1.01), libkrb53 (>1.6.dfsg.2), libldap-2.4-2 (>= 2.4.7), libsasl2-2, debconf | debconf-2.0
Recommends: nscd, libpam-ldap
...

Hope that saves someone the (huge) amount of time it's taken me to figure out where this problem was.

Thanks,
Dermot.

Nice find! Good work

Aly

-----Original Message-----
From: Dermot <paikkos at googlemail.com>
Sender: samba-bounces at lists.samba.org
Date: Thu, 23 Jun 2011 13:00:55
To: <samba at lists.samba.org>
Subject: [Samba] Fwd: getent group fails - fixed

On Thu, Jun 23, 2011 at 01:00:55PM +0100, Dermot wrote:
> Found it.
>
> It turns out that the config file for libnss-ldap is
> /etc/libnss-ldap.conf on my distro (Debian). So NSS was ignoring the
> config that I had been in /etc/ldap/ldap.conf and taking it from
> /etc/libnss-ldap.conf.

As far as I'm aware, most of the distributions use a separate configuration file for libnss-ldap, allowing /etc/ldap/ldap.conf to be used for the generic configuration of user ldap searches (as it is intended) and not have those constrained by the very specific needs of nsswitch.

This separation is more than just a convenience. At my workplace, I have an LDAP directory as the backing for nsswitch and as the passdb/idmap backend for Samba. Samba's ldap searches are affected by anything that goes into /etc/ldap/ldap.conf, which would cause problems if the nsswitch-specific settings had to be stored there.

--
Bruce Vajazzle - giving new meaning to the phrase "I'll scratch your eyes out".
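
The mismatch described in this thread (different nss_base_group values in the two files) can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reports nss_base_* directives that differ between two config files. The function names, the temporary paths and the nss_base_passwd sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare nss_base_* directives
# between two LDAP client config files.

# Usage: nss_base_diff FILE_A FILE_B   (two different files)
# Prints "directive: value-in-A vs value-in-B" for each mismatch.
# Returns 0 when the nss_base_* settings agree, 1 otherwise.
nss_base_diff() {
    out=$(awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 ~ /^nss_base_/ && NF >= 2 {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the directive name
            sub(/[ \t]+$/, "", val)                # trim trailing whitespace
            if (FILENAME == ARGV[1]) a[$1] = val; else b[$1] = val
            seen[$1] = 1
        }
        END {
            for (k in seen) {
                va = (k in a) ? a[k] : "<unset>"
                vb = (k in b) ? b[k] : "<unset>"
                if (va != vb) printf "%s: %s vs %s\n", k, va, vb
            }
        }' "$1" "$2" | sort)
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input: the two nss_base_group lines quoted in the
# thread, plus one made-up nss_base_passwd line present in only one file.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# generic client config' \
        'nss_base_group ou=Groups,dc=example,dc=co,dc=uk?sub' >"$d/ldap.conf"
    printf '%s\n' 'nss_base_passwd ou=People,dc=example,dc=co,dc=uk?one' \
        'nss_base_group ou=group,dc=example,dc=co,dc=uk?one' >"$d/libnss-ldap.conf"
    rc=0
    nss_base_diff "$d/ldap.conf" "$d/libnss-ldap.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "nss_base_* settings differ between the two files"
```

On the system described in the thread, the call would be `nss_base_diff /etc/ldap/ldap.conf /etc/libnss-ldap.conf`.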