RE: Really strange LDAP and ADS problem

If we take the message that the ldap filter is bad as a starting point. I 
think you are missing the scope on the lines nss_base_....
In the expmaple it is:

#nss_base_passwd        ou=People,dc=example,dc=com?one

Where "?one" at the end is the scope. Try changing your line to include 
scope.

Ivaylo

> From: "andbaum (sent by Nabble.com)" <lists@xxxxxxxxxx>
> Reply-To: andbaum <df@xxxxxxxxxxxxxxxxxxxxx>
> To: nssldap@xxxxxxxx
> Subject: [nssldap] Really strange LDAP and ADS problem
> Date: Thu, 9 Mar 2006 05:58:47 -0800 (PST)
>
>
> hi together!
>
> I have the following problem:
> I need a linux server (debian sarge) in a network, managed by active
> directory (windows server 2003). i want to access the AD user database via
> ldap (nsswitch.conf)
>
> libnss-ldap an pam-ldap are installed and imho configured well
>
> my current problem is:
> # getent passwd
> only shows users from /etc/passwd.
>
> but:
> # strace -v getent passwd
> shows, the AD users are read by getent, but not written do stdout:
> [...]
> read(4, "\2d\204\0\0\0m\4#CN=user1,CN=Users,DC="..., 116) = 116
> time([1141871063]) = 1141871063
> select(1024, [4], [], NULL, NULL) = 1 (in [4])
> read(4, "0\204\0\0\0z\2\1", Cool = 8
> read(4, "\2d\204\0\0\0q\4\'CN=user2,CN=Users"..., 120) = 120
> time([1141871063]) = 1141871063
> select(1024, [4], [], NULL, NULL) = 1 (in [4])
> read(4, "0\204\0\0\0~\2\1", Cool = 8
> read(4, "\2d\204\0\0\0u\4+CN=user3,CN=U"..., 124) = 124
> time([1141871063]) = 1141871063
> [...]
> (i changed each real usernames to userx)
>
> has anybody an idea, why there is no write command, like it should be?
>
> the local users are all written to stdout:
> [...]
> write(1, "root:x:0:0:root:/root:/bin/bash\n", 32) = 32
> write(1, "daemon:x:1:1:daemon:/usr/sbin:/b"..., 3Cool = 38
> write(1, "bin:x:2:2:bin:/bin:/bin/sh\n", 27) = 27
> write(1, "sys:x:3:3:sys:/dev:/bin/sh\n", 27) = 27
> [...]
>
> i already removed nscd. it did not help :(
>
> when i try to access the linux machine with an AD account via ssh, i get 
> the
> following message in auth.log
>
> sshd[7249]: nss_ldap: could not search LDAP server - Bad search filter
>
> and here are the files:
>
> # egrep -v '^(#|$)' /etc/libnss-ldap.conf
> @(#)$Id: ldap.conf,v 2.41 2005/03/23 08:30:16 lukeh Exp $
> host ipadress
> base dc=mydomain,dc=de
> ldap_version 3
> binddn CN=myuser,CN=Users,DC=mydomain,DC=de
> bindpw mypasswd
> port 389
> scope one
> nss_base_passwd CN=Users,DC=mydomain,DC=de
> nss_base_shadow CN=Users,DC=mydomain,DC=de
> nss_base_group CN=Group,DC=mydomain,DC=de
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_attribute uid sAMAccountName #msSFUName
> nss_map_attribute homeDirectory msSFUHomeDirectory
> nss_map_objectclass posixGroup Group
> nss_map_attribute cn sAMAccountName #msSFUName
> nss_map_attribute uniqueMember member
> pam_filter objectclass=user
> pam_login_attribute sAMAccountName
> pam_password ad
>
>
>
> # egrep -v '^(#|$)' /etc/ldap/ldap.conf
> BASE dc=mydomain,dc=de
> URI ldap://host.mydomain.de
>
>
> PS: i changed ipadress, mydomain, myuser, mypasswd (all these values are
> correct). the host is in /etc/hosts
>
> thanks in advance
> --
> View this message in context: 
> http://www.nabble.com/Really-strange-LDAP-and-ADS-problem-t1252871.html#a3320266
> Sent from the NSS LDAP forum at Nabble.com.