From: Klavs Klavsen
Date: Wed, 02 Feb 2005 11:18:21 +0100
To: freebsd-questions@freebsd.org
Subject: nsswitch ldap lookup problems
Message-ID: <4200A8ED.9030200@vsen.dk>

Hi guys,

I've gotten my Kerberos and OpenLDAP up and running on FreeBSD 5.3 - and can log in with my user (because he has been created in Kerberos and PAM looks in that), but nsswitch can't find the user in LDAP for some reason.

All help will be greatly appreciated.

When I log in with ssh I get this in debug.log:

Feb 2 11:06:06 auth01 sshd[771]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from IP=172.21.1.109:56828 (IP=0.0.0.0:636)
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH base="ou=People,dc=vsen,dc=dk" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=ktk))"
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Feb 2 11:06:09 auth01 sshd[774]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found

If I try to do an ldapsearch for the same:

# ldapsearch "(&(objectClass=posixAccount)(uid=ktk))" -b "ou=People,dc=vsen,dc=dk" -Y gssapi

It seems to work fine:

[SNIP - cut SASL talk]
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(objectClass=posixAccount)(uid=ktk))
# requesting: -b ou=People,dc=vsen,dc=dk -Y gssapi
#

# ktk, People, telmore.dk
dn: uid=ktk,ou=People,dc=vsen,dc=dk

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1

My /usr/local/etc/ldap.conf (on FreeBSD 5.3) looks like this:

BASE dc=vsen, dc=dk
URI ldaps://auth.vsen.dk:636/
TLS_REQCERT allow
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=People,dc=vsen,dc=dk?one
nss_base_group ou=Groups,dc=vsen,dc=dk?one
nss_base_shadow ou=People,dc=vsen,dc=dk?one
#debug testing
logdir /var/log
debug 9

-- 
Regards,
Klavs Klavsen, GSEC - kl@vsen.dk - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62

"Those who do not understand Unix are condemned to reinvent it, poorly."
  --Henry Spencer
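
The following is an added example, not part of the original message: a Python parser that groups the slapd lines from the debug.log excerpt above by connection and reports the listener, whether the bind was anonymous (empty DN with simple-bind method 128), and each search's base, scope, filter and entry count. The function name `summarize` and the result field names are this example's own.

```python
import re
from collections import defaultdict

# slapd syslog lines copied from the debug.log excerpt in the message above.
LOG = """\
Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from IP=172.21.1.109:56828 (IP=0.0.0.0:636)
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH base="ou=People,dc=vsen,dc=dk" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=ktk))"
Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
"""

SCOPES = {"0": "base", "1": "one", "2": "sub"}  # LDAP search scope codes
LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

def summarize(log):
    """Group slapd log lines by connection and report bind and search details."""
    conns = defaultdict(lambda: {"searches": {}})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a slapd connection line (e.g. sshd NSSWITCH lines)
        conn, op, rest = conns[m.group(1)], m.group(2), m.group(3)
        kv = {k: (q or u) for k, q, u in KV.findall(rest)}
        if rest.startswith("ACCEPT"):
            a = re.search(r"from IP=(\S+) \(IP=([^)]+)\)", rest)
            conn["client"], conn["listener"] = a.groups()
        elif rest.startswith("BIND"):
            # method=128 is an LDAP simple bind; with an empty DN it is anonymous
            conn["anonymous"] = kv["dn"] == "" and kv["method"] == "128"
        elif rest.startswith("RESULT tag=97"):  # tag 97 is the bind response
            conn["bind_err"] = int(kv["err"])
        elif rest.startswith("SRCH"):
            conn["searches"][op] = {"base": kv["base"], "filter": kv["filter"],
                                    "scope": SCOPES.get(kv["scope"], kv["scope"])}
        elif rest.startswith("SEARCH RESULT"):
            conn["searches"].setdefault(op, {}).update(
                err=int(kv["err"]), nentries=int(kv["nentries"]))
    return dict(conns)

if __name__ == "__main__":
    for cid, c in summarize(LOG).items():
        print(f"conn={cid} client={c['client']} listener={c['listener']} "
              f"anonymous_bind={c['anonymous']}")
        for op, s in c["searches"].items():
            print(f"  op={op} base={s['base']} scope={s['scope']} "
                  f"filter={s['filter']} nentries={s['nentries']}")
```
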