LDAP problem (caused by permissions?)

Nigel Wade nmw at ion.le.ac.uk
Wed Sep 29 12:08:37 UTC 2004


Mark wrote:
> Hi,
> 
> I have LDAP setup to do userid, groupid and password handling for me.
> I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
> Do I need to add LDAP to any others?
> 
> The problem I have is the following:
> I can logon with a user (for example bob) that is setup in the LDAP
> directory and does not exist locally.
> When bob logs in, there are error messages saying:
> id: cannot find name for user ID 20002
> id: cannot find name for group ID 20001
> id: cannot find name for group ID 20003
> id: cannot find name for group ID 20002
> id: cannot find name for group ID 20000
> 
> If bob does "finger bob" or "groups bob", it says no such user.
> 
> If root does "finger bob" or "groups bob", everything comes up fine.
> 
> Is this a permission problem that prevents users other than root from using
> LDAP?
> 
> I have the same setup on a different machine using the same LDAP server
> where I do not have this problem. 
> When I logon as bob and do an ldapsearch on "uid=bob" or "cn=bobsgroup" I
> get the same result as root gets for these queries, so the problem must be
> the part that receives the LDAP result and does the user/group handling
> accordingly.
> 
> The 3 files I modified for this setup are ldap.conf, nsswitch.conf and
> pam.d/system-auth. Is there any other file involved in this process?
> 
> Thanks,
> 
> MARK
> 
> 

What are the permissions on /etc/ldap.conf?

If it's not readable by the user in question you'll get this problem.


-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
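A small shell diagnostic for the check suggested in this reply, added here as an example and not part of the original thread. It assumes an nss_ldap-style setup in which the NSS lookups run inside the logged-in user's own process, so /etc/ldap.conf has to be readable by that user and not only by root; the function names and the --system flag are this example's own.

```shell
#!/bin/sh
# Added diagnostic for the thread above; not from the original posts.
# Assumes an nss_ldap-style setup: the lookups run inside the user's own
# process, so /etc/ldap.conf must be readable by that user, not just root.

# Print the octal permission bits of a file (GNU stat, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the "other" triple has the read bit set. A 0600 ldap.conf is
# exactly the symptom from the thread: root's lookups work, bob's fail
# because nss_ldap in bob's process cannot open the file.
world_readable() {
    m=$(file_mode "$1") || return 2
    o=${m#"${m%?}"}            # last octal digit = permissions for "other"
    [ $(( o & 4 )) -ne 0 ]
}

# Return 0 if nsswitch.conf ($1) lists ldap as a source for database $2.
# Comments are stripped first so a commented-out "# passwd: ldap" is ignored.
nss_has_ldap() {
    sed -n "s/#.*//; s/^[[:space:]]*$2[[:space:]]*:/ /p" "$1" \
        | grep -Eq '(^|[[:space:]])ldap([[:space:]]|$)'
}

# Run all checks against the live system; exit status 1 if anything is off.
check_system() {
    rc=0
    for db in passwd shadow group; do
        nss_has_ldap /etc/nsswitch.conf "$db" \
            || { echo "nsswitch.conf: no ldap source for $db"; rc=1; }
    done
    if world_readable /etc/ldap.conf; then
        echo "/etc/ldap.conf mode $(file_mode /etc/ldap.conf): readable by other users"
    else
        echo "/etc/ldap.conf is not readable by other users: non-root lookups fail"
        rc=1
    fi
    # Once it is readable, these should resolve for the affected user:
    #   id; getent passwd "$USER"; getent group "$(id -gn)"
    return $rc
}

if [ "${1:-}" = "--system" ]; then
    check_system
fi
```

Run it as root with --system on the affected host; a healthy host reports an ldap source for all three databases and a mode such as 644 on /etc/ldap.conf.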
