16.04 fails ldap authentication
Xen
list at xenhideout.nl
Fri Jun 16 12:21:59 UTC 2017
Ian Taylor wrote on 16-06-2017 12:58:
> Any help to resolve this would be sincerely appreciated
>
> a getent returns only the contents of /etc/passwd on the local machine
I have had (and still have) a system 16.04 that can derive group and/or
user from an LDAP on the local network.
I have not used nsss.
The URI ldap:// did not work for me.
I used HOST and then an IP address, I believe.
I believe I employed unscd as a caching daemon because it functioned
better for a certain cause. My use case was for negative results
(nonexistent groups) to have a very long timeout (cache duration)
because otherwise they would hang the lookups and cause delays in mainly
log-in attempts and so on. I also set the timelimits and timeouts of
ldap.conf to very low values (seconds).
The libnss-ldap package has been broken for a very long time already and they
won't fix it.
You have to run /usr/sbin/nssldap-update-ignoreusers manually as root to
ensure lookups are not performed through LDAP for system users and
groups.
But you didn't get that far yet.
I can't say anything else, I did nothing special. Although in the LDAP
database I have set "loginShell" to false because I didn't want these
users to be used for local login ;-).
When initially "getent" wouldn't work, it was because the URI thing
didn't work for me.
Regards.
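
An added example, not part of the original message: a small Python check for the settings the reply describes (a server directive in ldap.conf, low LDAP time limits, a populated ignore-users list, and long negative caching in the nscd.conf that unscd reads). The file contents, the address 192.0.2.10 and both thresholds are constructed assumptions, not values from the post.

```python
# Constructed sample configs; every value here is illustrative.
LDAP_CONF = """\
# libnss-ldap client config (path assumed: /etc/ldap.conf)
host 192.0.2.10
base dc=example,dc=org
timelimit 3
bind_timelimit 3
nss_initgroups_ignoreusers root,daemon,bin,syslog
"""
NSCD_CONF = """\
enable-cache            group   yes
negative-time-to-live   passwd  86400
negative-time-to-live   group   86400
"""

def parse_kv(text, nkeys):
    """Parse 'key... value' lines; the first nkeys fields form the key tuple."""
    out = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, nkeys)
        if len(fields) > nkeys:
            out[tuple(fields[:nkeys])] = fields[nkeys].strip()
    return out

def review(ldap_text, nscd_text, max_timeout=5, min_negative_ttl=3600):
    """Return a list of findings; an empty list means every check passed.

    max_timeout and min_negative_ttl are assumed thresholds in seconds.
    """
    ldap, nscd, findings = parse_kv(ldap_text, 1), parse_kv(nscd_text, 2), []
    if ("host",) not in ldap and ("uri",) not in ldap:
        findings.append("no host or uri directive")
    for key in ("timelimit", "bind_timelimit"):
        value = ldap.get((key,))
        if value is None or not value.isdigit() or not 0 < int(value) <= max_timeout:
            findings.append(f"{key} is {value!r}, want 1..{max_timeout} seconds")
    # nssldap-update-ignoreusers maintains this list of local system accounts.
    if not ldap.get(("nss_initgroups_ignoreusers",)):
        findings.append("nss_initgroups_ignoreusers is empty or missing")
    for db in ("passwd", "group"):
        ttl = nscd.get(("negative-time-to-live", db))
        if ttl is None or not ttl.isdigit() or int(ttl) < min_negative_ttl:
            findings.append(
                f"negative-time-to-live {db} is {ttl!r}, want >= {min_negative_ttl}")
    return findings

if __name__ == "__main__":
    for finding in review(LDAP_CONF, NSCD_CONF) or ["all checks passed"]:
        print(finding)
```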