I think I have some data caching, but I am unsure where. All the source locations for user accounts appear to be correct, but the system is holding on to old information... Out of ideas, anyone else seen this?
2 users: MMH and JZP. MMH is no longer employed here and was replaced by JZP.
On our internal server:
  - FC2
  - System accounts in passwd/shadow
  - User accounts in Open LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd: files ldap

  # grep ^shadow /etc/nsswitch.conf
  shadow: files ldap

  # grep ^host /etc/ldap.conf
  host 127.0.0.1

  # grep ^MMH /etc/passwd

  # grep ^JZP /etc/passwd

  # getent passwd MMH

  # getent passwd JZP
  JZP:x:<user data>
----------
This is perfect, the ex-employee is gone, the new employee is in place. Exactly as it should be.
Now our mail server:
  - FC3
  - System accounts in passwd/shadow
  - User accounts (mail/ftp/etc) in LDAP via the PADL tools

----------
  # grep ^passwd /etc/nsswitch.conf
  passwd: files ldap

  # grep ^shadow /etc/nsswitch.conf
  shadow: files ldap

  # grep ^host /etc/ldap.conf
  host localhost, 192.168.254.22

  # grep ^MMH /etc/passwd

  # grep ^JZP /etc/passwd

  # getent passwd MMH
  MMH:x:<user information for ex-employee>

  # getent passwd JZP

----------
The only difference other than the result is the host line in /etc/ldap.conf. 192.168.254.22 is the IP of the other server, but that server is used only in failover. It will try to use the local cached copy first. So, my next diagnostic was pointed at the LDAP server.
Internal Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid

  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

Mail Server:
  # ldapsearch -x -LLL -h localhost uid=MMH uid

  # ldapsearch -x -LLL -h localhost uid=JZP uid
  dn: <obscured but correct>
  uid: JZP

  # ldapsearch -x -LLL -h 192.168.254.22 uid=MMH uid

  # ldapsearch -x -LLL -h 192.168.254.22 uid=JZP uid
  dn: <obscured but correct>
  uid: JZP
OK, anybody have any idea where the Mail server is getting the incorrect user account data from? If you want to see even more fun, I can ask getent for the entire passwd user database, and it will show me both local and LDAP accounts. If I grep the results for MMH, it will tell me there is none. However, if I enter MMH in as the key to search for, it finds it despite not being in the list. JZP acts the same way in reverse.
Mail Server:
  # getent passwd | grep MMH

  # getent passwd MMH
  MMH:x:<user info>

  # getent passwd | grep JZP
  JZP:x:<again obscured>

  # getent passwd JZP

  # getent passwd | grep root
  root:x:<obscured>
  operator:x:<obscured>

  # getent passwd | grep kevin
  kevin:x:<obscured>
How is this even possible????
The same thing is happening with the groups. MMH is still showing up in groups, JZP is not, except all the source locations have JZP, not MMH, stored as data.
Where the heck is this old data coming from? Any clues?
-- 
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033
FAX: (303) 969-8357
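
The keyed-versus-enumerated comparison carried out by hand in the message above, as an added example that is not part of the original post: for each account name it reports whether `getent passwd NAME` and the full `getent passwd` listing agree. The `GETENT` override and the `fake_getent` sample data are assumptions constructed here so the check runs offline.

```shell
#!/bin/sh
# Added example, not from the original post.
# GETENT is an assumption of this example: it defaults to the real getent(1)
# and can be pointed at a stand-in command for offline testing.
GETENT=${GETENT:-getent}

# Constructed sample reproducing the mail-server symptom from the post:
# the enumeration lists JZP, while the keyed lookup answers only for MMH.
fake_getent() {
    # $1 = database, $2 = optional key
    if [ -z "${2:-}" ]; then
        printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                      'JZP:x:1001:100:sample:/home/JZP:/bin/bash'
        return 0
    fi
    case $2 in
        root) echo 'root:x:0:0:root:/root:/bin/bash' ;;
        MMH)  echo 'MMH:x:1000:100:sample:/home/MMH:/bin/bash' ;;
        *)    return 2 ;;   # getent exits 2 when the key is not found
    esac
}

# Print one of: consistent-present, consistent-absent,
# keyed-only (resolves by name but is absent from the listing),
# enum-only  (listed but does not resolve by name).
nss_compare() {
    user=$1
    keyed=no
    listed=no
    if $GETENT passwd "$user" >/dev/null 2>&1; then keyed=yes; fi
    # Match the login field exactly, so "root" does not match "operator".
    if $GETENT passwd | cut -d: -f1 | grep -Fxq -- "$user"; then listed=yes; fi
    case $keyed/$listed in
        yes/yes) echo consistent-present ;;
        no/no)   echo consistent-absent ;;
        yes/no)  echo keyed-only ;;
        no/yes)  echo enum-only ;;
    esac
}

# Stand-alone use: pass account names as arguments, e.g. ./script MMH JZP
for u in "$@"; do
    printf '%s\t%s\n' "$u" "$(nss_compare "$u")"
done
```

A `keyed-only` result for a departed user is the case worth alerting on, since the account still resolves for logins and group membership; it can also appear on systems whose directory backend is configured not to enumerate users.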