Mark wrote:
Hi,
I have LDAP setup to do userid, groupid and password handling for me.
I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
Do I need to add LDAP to any others?
The problem I have is the following:
I can logon with a user (for example bob) that is setup in the LDAP
directory and does not exist locally.
When bob logs in, there is are error messages saying :
id: cannot find name for user ID 20002
id: cannot find name for group ID 20001
id: cannot find name for group ID 20003
id: cannot find name for group ID 20002
id: cannot find name for group ID 20000
If bob does "finger bob" or "groups bob", it says no such user.
If root does "finger bob" or "groups bob", everything comes up fine.
Is this a permission problem that prevents users other than root to use
LDAP?
I have the same setup on a different machine using the same LDAP server
where I do not have this problem.
When I logon as bob and do an ldapsearch on "uid=bob" or "cn=bobsgroup" I
get the same result as root gets for these queries, so the problem must be
the part that receives the LDAP result and does the user/group handling
accordingly.
The 3 files I modifed for this setup are ldap.conf nsswitch.conf and
pam.d/system-auth . Is there any other file involved in this process?
Thanks,
MARK
What are the permissions on /etc/ldap.conf?
If it's not readable by the user in question you'll get this problem.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555