[sparks-discuss] nexenta solaris client to openldap server group issues

Doug Leavitt Doug.Leavitt at Sun.COM
Mon Jan 8 12:56:05 PST 2007


Hi Thomas,
I asked around and we're pretty sure the bug you are hitting is
one that we are working on right now, and hope to deliver shortly.
The bug is:
	CR 6508109 getgrent[_r] can't get entry from ldap backend


If I recall correctly you can confirm this by adding a memberuid attr/value
to your group entry  such as:

memberuid: tgartner

getent should respond properly.  We hope to have this fixed shortly.
We are attempting to get testing complete so it can be fixed in the b56 build.

Doug.


Thomas Garner wrote:
> I hope this is an appropriate list.  If not please redirect me.
> 
> I am working to try and get a Nexenta (elatte-testing) machine to act
> as a client to a Debian OpenLDAP server.  I have gotten most
> everything to work, except ldap group resolution.  I do have a Debian
> LDAP client that is working fine with the ldap server.  But, on the
> Nexenta machine, I can see all users (local and ldap), and local
> groups, but no ldap groups.  ldaplist will list the sole ldap group I
> have, but getent does not seem to recognize that the group exists.  It
> seems to me to be a configuration issue, but I've beaten my head
> against the wall and made no progress.  Below is some context.
> 
> Thanks!
> Thomas
> 
> [root@filer1 ~]# uname -a
> SunOS filer1 5.11 NexentaOS_20061122 i86pc i386 i86pc Solaris
> [root@filer1 ~]# getent passwd tgarner
> tgarner:x:1001:1001:Thomas Garner,,,:/home/tgarner:/bin/bash
> [root@filer1 ~]# ldaplist -l group
> dn: cn=tgarner,ou=Group,dc=chobas,dc=com
>        objectClass: posixGroup
>        objectClass: top
>        cn: tgarner
>        userPassword: {crypt}x
>        gidNumber: 1001
> [root@filer1 ~]# getent group
> root:*:0:
> other:*:1:root
> bin:*:2:root,daemon
> sys:*:3:root,bin,adm
> adm:*:4:root,daemon
> uucp:*:5:root
> mail:*:6:root
> tty:*:7:root,adm
> lp:*:8:root,adm
> nuucp:*:9:root
> staff:*:10:
> daemon:*:12:root
> proxy:*:13:
> sysadmin:*:14:
> kmem:*:15:
> disk:*:16:
> news:*:17:
> man:*:18:
> dialout:*:20:
> fax:*:21:
> voice:*:22:
> floppy:*:23:
> cdrom:*:24:
> smmsp:*:25:
> tape:*:26:
> sudo:*:27:
> audio:*:29:
> dip:*:30:
> www-data:*:33:
> backup:*:34:
> operator:*:37:
> list:*:38:
> irc:*:39:
> src:*:40:
> gnats:*:41:
> shadow:*:42:
> utmp:*:43:
> video:*:44:
> sasl:*:45:
> plugdev:*:46:
> gdm:*:50:
> games:*:60:
> webservd:*:80:
> users:*:100:
> nobody:*:60001:
> noaccess:*:60002:
> nogroup:*:65534:
> [root@filer1 ~]# cat /etc/nsswitch.conf
> passwd:     files ldap
> group:      files ldap
> 
> # You must also set up the /etc/resolv.conf file for DNS name
> # server lookup.  See resolv.conf(4).
> hosts:      files dns
> 
> # Note that IPv4 addresses are searched for in all of the ipnodes databases
> # before searching the hosts databases.
> ipnodes:   files dns
> 
> networks:   files
> protocols:  files
> rpc:        files
> ethers:     files
> netmasks:   files
> bootparams: files
> publickey:  files
> # At present there isn't a 'files' backend for netgroup;  the system will
> #   figure it out pretty quickly, and won't use netgroups at all.
> netgroup:   files
> automount:  files
> aliases:    files
> services:   files
> printers:       user files
> 
> auth_attr:  files
> prof_attr:  files
> project:    files
> 
> tnrhtp:     files
> tnrhdb:     files
> [root@filer1 ~]# cat /var/ldap/ldap_client_file
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 192.168.1.136
> NS_LDAP_SEARCH_BASEDN= dc=chobas,dc=com
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_REF= TRUE
> NS_LDAP_SEARCH_SCOPE= one
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_CACHETTL= 43200
> NS_LDAP_PROFILE= default
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= group: ou=Group,dc=chobas,dc=com
> NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=chobas,dc=com
> NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=chobas,dc=com
> NS_LDAP_BIND_TIME= 2
> [root@filer1 ~]# dpkg -S getent
> sunwcsu: /usr/bin/getent
> [root@filer1 ~]# dpkg -l sunwcsu
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
> |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
> ||/ Name                        Version                     Description
> +++-===========================-===========================-======================================================================
> ii  sunwcsu                     5.11.50-1                   Core Solaris, (Usr)
> _______________________________________________
> sparks-discuss mailing list
> sparks-discuss at opensolaris.org
> http://opensolaris.org/mailman/listinfo/sparks-discuss
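
Added example (not part of the original thread, and not Sun or Nexenta code): a Python check that compares `ldaplist -l group` output with `getent group` output and reports LDAP posixGroup entries the name service does not return, noting whether each one lacks memberuid, the condition Doug suggests testing. The sample input is constructed from the outputs quoted above; the `ops` group and all function names are assumptions.

```python
# Constructed sample input modelled on the thread's output; the "ops" group is hypothetical.
LDAPLIST_OUTPUT = """\
dn: cn=tgarner,ou=Group,dc=chobas,dc=com
        objectClass: posixGroup
        cn: tgarner
        userPassword: {crypt}x
        gidNumber: 1001

dn: cn=ops,ou=Group,dc=chobas,dc=com
        objectClass: posixGroup
        cn: ops
        gidNumber: 1002
        memberUid: tgarner
"""
GETENT_OUTPUT = "root:*:0:\nstaff:*:10:\nops:*:1002:tgarner\n"

def parse_ldaplist(text):
    """Parse `ldaplist -l group` output into a list of {attr: [values]} dicts."""
    entries, cur = [], None
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if not sep:
            continue  # blank separator or stray line
        name = name.strip().lower()  # LDAP attribute names are case-insensitive
        if name == "dn":
            cur = {}
            entries.append(cur)
        if cur is not None:
            cur.setdefault(name, []).append(value.strip())
    return entries

def parse_getent(text):
    """Return {group name: gid} from `getent group` lines (name:passwd:gid:members)."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: f[2] for f in fields if len(f) >= 4}

def unresolved_groups(ldaplist_text, getent_text):
    """Return (cn, gid, has_memberuid) for LDAP posixGroups that getent does not list."""
    seen = parse_getent(getent_text)
    missing = []
    for e in parse_ldaplist(ldaplist_text):
        if "posixgroup" not in (v.lower() for v in e.get("objectclass", [])):
            continue
        cn, gid = e["cn"][0], e["gidnumber"][0]  # both mandatory for posixGroup (RFC 2307)
        if seen.get(cn) != gid:
            missing.append((cn, gid, "memberuid" in e))
    return missing

if __name__ == "__main__":
    for cn, gid, has_members in unresolved_groups(LDAPLIST_OUTPUT, GETENT_OUTPUT):
        print(f"{cn} gid={gid}: in LDAP, not in getent; memberuid present: {has_members}")
```

A group reported with memberuid absent matches the symptom described in this thread; one reported with memberuid present points to a different cause, such as the search descriptor or nsswitch.conf.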


