On Thu, 2003-11-20 at 12:25, Nalin Dahyabhai wrote:
> What info are you getting from the LDAP server (LDIF would be helpful
> here)? Does it conform to the posixAccount schema? What are the host
> and base DN you're configuring nss_ldap to search with, and how did you
> invoke ldapsearch to troubleshoot it?
>
> Cheers,
>
> Nalin

I can pull an entire record from LDAP. The server is actually Win2K using Active Directory, but using the AD4Unix schema, so there is a mapping for posixAccount to User, but the relevant username/passwords work on a RH7.3 machine and a RH8 machine with an identical config in /etc/ldap.conf and /etc/openldap/ldap.conf.

The host I'm searching against is 192.168.2.xx, and the base DN is dc=company,dc=com - the scope is sub.

Here are the relevant schema mappings:

nss_base_passwd dc=company,dc=com?sub
nss_base_shadow dc=company,dc=com?sub
nss_base_group dc=company,dc=com?sub
nss_map_objectclass posixAccount User
nss_map_attribute uid msSFUName
nss_map_attribute uniqueMember posixMember
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_attribute cn msSFUName
nss_map_objectclass posixGroup Group
pam_login_attribute sAMAccountName
pam_login_attribute msSFUName
pam_filter objectclass=User

ldapsearch works when invoked as follows:

# ldapsearch -x -D "cn=Administrator,cn=Users,dc=company,dc=com" -W "sAMAccountName=[username]"

/etc/nsswitch.conf is configured correctly.

What am I missing that is keeping getent from reporting the LDAP users? It's been a while since I got this running on RedHat 7.3 and RedHat 8. Has Fedora changed its nss_ldap and pam_ldap packaging? (I remember having to recompile for RH 7.3 to support schema mapping.)

Regards,
Joseph