[ale] LDAP Authentication Issue

John Heim john at johnheim.com
Thu May 29 15:13:27 EDT 2014




I don't know if this helps but restarting nslcd (name service ldap cache 
daemon) does not clear the cache. If identity information is cached, it 
will still be there after restarting. So restarting nslcd shouldn't fix 
anything unless there is something wrong with the connection to the ldap 
server. I suspect there is something wrong with the connection to the 
ldap server. However, it doesn't make much sense that it is for only 
one user.

1. Can you finger another user on the same machine?
2. Can you finger the same user on another machine?
3. Can you find the user with an ldapsearch, 'ldapsearch -x uid=<id>'?



On 05/29/14 13:41, Sam Davis wrote:
> Hey David,
>
> getent passwd returns nothing for both the username and the uid.
>
>
> Sam
>
>
> On 05/15/2014 06:05 PM, David Tomaschik wrote:
>> On Wed, May 14, 2014 at 8:59 AM, Sam Davis <aracthabar at gmail.com
>> <mailto:aracthabar at gmail.com>> wrote:
>>
>>     Hello All,
>>
>>         I have to admit, I really don't know where to begin on this.
>>     LDAP has never been my strong suit.  We use LDAP authentication
>>     for most of our servers.  We have one user for whom the client
>>     machines seem to forget about.  In order to restore his account's
>>     functionality, I have to stop and then start nslcd.  Sometimes the
>>     client machines do not even realize his account exists, sometimes
>>     it knows the account exists, but doesn't assign the correct group
>>     memberships.  Other accounts are not impacted by this.  Does
>>     anyone have any idea where to even begin looking into an issue
>>     like this?
>>
>>
>> I suspect I might know a thing or two about the LDAP system in question...
>>
>> To confirm:
>> 1) Only 1 user is affected?
>> 2) They are affected on multiple machines?  Is it all machines?
>> 3) Does it happen at the same time across all machines?
>> 4) When it occurs on a machine, what does "getent passwd <username>"
>> return?  A password entry, an error, or nothing?  Also might want to
>> try "getent passwd <uid>" to see if the behavior differs.
>>
>>     Sam
>>     _______________________________________________
>>     Ale mailing list
>>     Ale at ale.org <mailto:Ale at ale.org>
>>     http://mail.ale.org/mailman/listinfo/ale
>>     See JOBS, ANNOUNCE and SCHOOLS lists at
>>     http://mail.ale.org/mailman/listinfo
>>
>>
>>
>>
>> --
>> David Tomaschik
>> OpenPGP: 0x5DEA789B
>> http://systemoverlord.com
>> david at systemoverlord.com <mailto:david at systemoverlord.com>
>>
>>
>
>
>
>
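
The checks suggested in this thread (getent by name and by uid, plus a direct ldapsearch) combined into one triage script; this is an added example, not part of the original messages. The -LLL option, the dn attribute selector, the verdict labels and the login-name character check are assumptions of this example; ldapsearch takes its server and search base from ldap.conf, as the command in the message does.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh triage.sh LOGIN [UIDNUMBER]

# State of an NSS lookup. getent exits 0 on a hit and 2 when the key is unknown.
nss_state() {
    getent passwd "$1" >/dev/null 2>&1
    case $? in 0) echo found ;; 2) echo missing ;; *) echo error ;; esac
}

# State of a direct directory lookup. ldapsearch exits 0 even when nothing
# matches, so look for a dn: line instead of trusting the exit status.
ldap_state() {
    out=$(ldapsearch -x -LLL "uid=$1" dn 2>/dev/null) || { echo error; return 0; }
    if printf '%s\n' "$out" | grep -q '^dn:'; then echo found; else echo missing; fi
}

# classify NAME_STATE UID_STATE LDAP_STATE -> verdict label (labels are ours)
classify() {
    case "$3:$1:$2" in
        error:*)                          echo connection ;; # host cannot query the server
        missing:found:*|missing:*:found)  echo stale ;;      # NSS answers from local files or a cache
        missing:*)                        echo directory ;;  # entry absent or not readable anonymously
        found:found:found|found:found:skipped) echo ok ;;
        found:found:*|found:*:found)      echo mismatch ;;   # by-name and by-uid disagree
        *)                                echo client ;;     # directory has it, NSS does not
    esac
}

triage() {
    # Keep the login literal inside the LDAP filter: refuse filter metacharacters.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "refusing login name: $1" >&2; return 64 ;;
    esac
    by_name=$(nss_state "$1")
    by_uid=skipped
    if [ -n "${2:-}" ]; then by_uid=$(nss_state "$2"); fi
    in_ldap=$(ldap_state "$1")
    verdict=$(classify "$by_name" "$by_uid" "$in_ldap")
    echo "nss-by-name=$by_name nss-by-uid=$by_uid ldap=$in_ldap verdict=$verdict"
}

if [ "$#" -gt 0 ]; then triage "$@"; fi
```

Running it from cron on an affected client and logging the output line gives a timestamped record of which layer lost the user first.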

