Re: -bash: [: : integer expression expected

I probably should add to this, as I forgot to earlier..

If I am logged in as root (which is fine, local logins work fine), and
run id it reads ldap fine, as so:

# id dcross -u
2001

- Daniel

On Mon, 2006-09-18 at 10:37 +1200, Daniel Cross wrote:
> On Fri, 2006-09-15 at 08:23 +0100, Howard Wilkinson wrote:
> > Daniel,
> > 
> > the use of '*' for the password field is standard practice and SHOULD
> > not be the cause of this problem. 
> 
> In this case, why are my working systems, which are running libnss-ldap
> 238, showing the standard shadow 'x'. This is the only system which
> shows an asterisk.
> 
> > I do not remember from the previous message what platform you are
> > running on. 
> 
> Debian Sarge.
> 
> > On our FC5 system the id utility comes from coreutils and we run
> > 5.97-1.2 which works with ldap/AD users. I suggest you find a
> > compatible version for your box and see if that fixes the problem. It
> > is possible that id uses regex in spliting the data and has
> > misinterpreted the '*' as a pattern. This is a complete guess. Also,
> > try to run the following as your user on the failing system
> > 
> > getent passwd dcross
> > getent passwd | grep dcross
> > 
> > If you do not get the same answer you have a problem with nscd or
> > permissions accessing the LDAP database as a standard user rather than
> > root.
> 
> id is 5.2.1. However I think the issue is before id is used. Once again
> I think this is a further symptom but not the underlying issue. id is
> used when setting the path while inititialising the shell, no? I think
> whatever the issue is, it's before this point.  Also, this is the same
> version that is installed on the boxes which work, running libnss-ldap
> 238.
> Also the nss, ldap, libuuid, pam libraries and packages are all the same
> versions.
> Actually, would id not be using libnss-ldap to look up this info?
> 
> Also, as far as it being ldap permissions, how can this be the case, as
> it worked fine under an earlier libnss-ldap. 
> 
> I am also not running nscd.
> 
> I cannot run the above as my user, as my user cannot do _anything_ once
> logged in. If I run sudo -u dcross getent passwd dcross I get the the
> same (asterisk)
> 
> > If you want I will read through your ldap.conf and see if I can see
> > any problems.
> > 
> As I said, as it works with an earlier version of libnss-ldap, I am very
> certain that this is an issue with this version of libnss-ldap. Here are
> my configs though:
> 
> /etc/libnss-ldap.conf:
> host server1.acme.net server2.acme.net
> base ou=users,dc=acme,dc=net
> ldap_version 3
> binddn cn=view,dc=acme,dc=net
> bindpw password
> timelimit 10
> bind_timelimit 4
> pam_check_host_attr yes
> nss_base_group  ou=groups,dc=acme,dc=net?one
> ssl start_tls
> tls_cacertfile /etc/cacert.pem
> 
> /etc/pam_ldap.conf:
> host server1.acme.net server2.acme.net
> base ou=users,dc=acme,dc=net
> ldap_version 3
> binddn cn=view,dc=acme,dc=net
> bindpw password
> timelimit 10
> bind_timelimit 4
> pam_check_host_attr yes
> pam_password crypt
> nss_base_group          ou=groups,dc=acme,dc=net?one
> ssl start_tls
> tls_cacertfile /etc/cacert.pem
> 
> /etc/ldap/ldap.conf:
> host server1.acme.net server2.acme.net
> port 389
> timelimit 3
> bind_timelimit 3
> ssl start_tls
> tls_cacertfile /etc/cacert.pem
> sudoers_base   ou=sudo,dc=acme,dc=net
> 
> And tracking the connection on the ldap server in syslog with debug on,
> which unless I've missed something, shows that it's getting all the info
> from ldap OK:
> 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 fd=255 ACCEPT from
> IP=58.28.6.16:53344 (IP=0.0.0.0:389) 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=0 STARTTLS 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=0 RESULT oid= err=0
> text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 fd=255 TLS established
> tls_ssf=128 ssf=128 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 BIND
> dn="cn=view,dc=wxnz,dc=net" method=128 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 BIND
> dn="cn=view,dc=wxnz,dc=net" mech=SIMPLE ssf=0 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 RESULT tag=97
> err=0 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SRCH
> base="ou=users,dc=wxnz,dc=net" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=dcross))" 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SEARCH RESULT
> tag=101 err=0 nentries=1 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=3 SRCH
> base="ou=users,dc=wxnz,dc=net" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=dcross))" 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=3 SEARCH RESULT
> tag=101 err=0 nentries=1 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SRCH
> base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0
> filter="(&(objectClass=posixGroup)(|(memberUid=dcross)(uniqueMember=cn=dcross,ou=users,dc=wxnz,dc=net)))"
>  
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SRCH
> attr=gidNumber 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SEARCH RESULT
> tag=101 err=0 nentries=3 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SRCH
> base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0
> filter="(&(objectClass=posixGroup)(uniqueMember=cn=admin,ou=groups,dc=wxnz,dc=net))"
>  
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SRCH
> attr=gidNumber 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SEARCH RESULT
> tag=101 err=0 nentries=0 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SRCH
> base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0
> filter="(&(objectClass=posixGroup)(uniqueMember=cn=mail,ou=groups,dc=wxnz,dc=net))"
>  
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SRCH
> attr=gidNumber 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SEARCH RESULT
> tag=101 err=0 nentries=0 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SRCH
> base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0
> filter="(&(objectClass=posixGroup)(uniqueMember=cn=freerad,ou=groups,dc=wxnz,dc=net))"
>  
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SRCH
> attr=gidNumber 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SEARCH RESULT
> tag=101 err=0 nentries=0 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SRCH
> base="ou=users,dc=wxnz,dc=net" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=dcross))" 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SEARCH RESULT
> tag=101 err=0 nentries=1 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SRCH
> base="ou=users,dc=wxnz,dc=net" scope=2 deref=0
> filter="(&(objectClass=shadowAccount)(uid=dcross))" 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SRCH attr=uid
> userPassword shadowLastChange shadowMax shadowMin shadowWarning
> shadowInactive shadowExpire shadowFlag 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SEARCH RESULT
> tag=101 err=0 nentries=0 text= 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SRCH
> base="ou=users,dc=wxnz,dc=net" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=dcross))" 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass 
> Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SEARCH RESULT
> tag=101 err=0 nentries=1 text= 
> 
> Regards,
> 
> 
-- 
Daniel Cross                                    
Systems Administrator                           Cell +64 21535975
WorldxChange                                    DDI  +64 9 9501354