Use sssd with clients to connect to 389-ds; one guide is here:

http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html

sssd is the preferred way currently.

-Vesa


On 06/10/2013 03:56 PM, Andy Spooner wrote:
Any thoughts as to why my server is not picking up users and groups
from 389-ds?

Are there any test tools I can use to troubleshoot the problem?

From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Andy Spooner
Sent: 07 June 2013 18:24
To: 389-users@lists.fedoraproject.org
Subject: [389-users] Issue with users and groups

Hi

I have created test users and a group in 389-ds but they do not appear
on my test server when I run getent passwd or getent group. Is it
possible to provide me with a pointer on how to resolve this issue?

My test configuration is:

- 389-ds ldap and a test linux server
- O/S Red Hat 6.4 on all servers
- SSL enabled. Tested and working

In the outputs below I have replaced the domain name with <myDomain>
and certificate details with myCert.

Ldap.conf

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/myCert.crt
URI ldaps://ukdc1v-dldap04.<myDoman>.com/
BASE dc=<myDomain>,dc=com

Output from getent group does not display test group Portal 1 (posix
group :1010)

root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
dbus:x:81:
utmp:x:22:
utempter:x:35:
avahi-autoipd:x:170:
desktop_admin_r:x:499:
desktop_user_r:x:498:
floppy:x:19:
vcsa:x:69:
rpc:x:32:
rtkit:x:497:
abrt:x:173:
cdrom:x:11:
tape:x:33:
dialout:x:18:
cgred:x:496:
haldaemon:x:68:haldaemon
ntp:x:38:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
avahi:x:70:
rpcuser:x:29:
nfsnobody:x:65534:
pulse:x:495:
pulse-access:x:494:
fuse:x:493:
gdm:x:42:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
andy:x:500:
wbpriv:x:88:
nscd:x:28:
ldap:x:55:

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts provides
the following output:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

ldapsearch -x provides the output below:

# extended LDIF
#
# LDAPv3
# base <dc=<myDomain>,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# <myDomain>.com
dn: dc=<myDomain>,dc=com
objectClass: top
objectClass: domain
dc: <myDomain>

# Directory Administrators, <myDomain>.com
dn: cn=Directory Administrators,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, <myDomain>.com
dn: ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, <myDomain>.com
dn: ou=People,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, <myDomain>.com
dn: ou=Special Users,dc=<myDomain>,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

# Accounting Managers, Groups, <myDomain>.com
dn: cn=Accounting Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
objectClass: posixgroup
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager
uniqueMember: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
gidNumber: 1001

# HR Managers, Groups, <myDomain>.com
dn: cn=HR Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, <myDomain>.com
dn: cn=QA Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, <myDomain>.com
dn: cn=PD Managers,ou=Groups,dc=<myDomain>,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# ASpooner, People, <myDomain>.com
dn: uid=ASpooner,ou=People,dc=<myDomain>,dc=com
givenName: Test
sn: User2
uidNumber: 1001
gidNumber: 1001
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: tuser2
cn: test user2
homeDirectory: /home/testuser2

# Portal 1, Groups, <myDomain>.com
dn: cn=Portal 1,ou=Groups,dc=<myDomain>,dc=com
gidNumber: 1010
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: Portal 1
description:: VGVzdCBwb3J0YWwg

# testuser3, People, <myDomain>.com
dn: uid=testuser3,ou=People,dc=<myDomain>,dc=com
givenName: Test
sn: User3
loginShell: /bin/bash
gidNumber: 1010
uidNumber: 1010
mail: us...@yahoo.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: testuser3
cn: Test User3
homeDirectory: /home/tuser3
gecos: User 3

# nsAccountInactivationTmp, <myDomain>.com
dn: cn=nsAccountInactivationTmp,dc=<myDomain>,dc=com
objectClass: top
objectClass: nscontainer
cn: nsAccountInactivationTmp

# search result
search: 2
result: 0 Success

# numResponses: 14
# numEntries: 13

dn:
namingContexts: dc=<myDomain,dc=com
namingContexts: o=netscaperoot

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Kind regards

Andy



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
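
A minimal /etc/sssd/sssd.conf for the setup described in this thread, as an added example that is not from either poster or from the linked guide. The domain label `default`, the rfc2307bis schema choice and the uniqueMember mapping are assumptions drawn from the LDIF above; `<myDomain>` and myCert are the thread's own placeholders.

```ini
# /etc/sssd/sssd.conf (added example; owner root, mode 0600, otherwise sssd refuses to start)
[sssd]
config_file_version = 2
services = nss, pam
# "default" is an assumed domain label, not a value from the thread
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
# URI, search base and CA path reuse the placeholders from the ldap.conf in the thread
ldap_uri = ldaps://ukdc1v-dldap04.<myDomain>.com/
ldap_search_base = dc=<myDomain>,dc=com
ldap_tls_cacert = /etc/openldap/cacerts/myCert.crt
# Refuse the connection if the server certificate does not validate against that CA
ldap_tls_reqcert = demand
# Assumption from the LDIF: groups are groupOfUniqueNames + posixGroup and list
# members by DN in uniqueMember, so use the bis schema and map the member attribute
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember
# sssd does not enumerate by default: a bare "getent passwd" or "getent group"
# shows only local entries unless this is enabled. Lookups by name work either way.
enumerate = True
cache_credentials = True

# /etc/nsswitch.conf must also name sss as a source for these databases:
#   passwd: files sss
#   shadow: files sss
#   group:  files sss
```

After restarting sssd, a lookup by name such as `getent passwd testuser3` or `getent group "Portal 1"` exercises the LDAP path directly, independent of the enumeration setting.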

