[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nssldap
Subject:    Re: [nssldap] gentent works but "id" and "groups" commands fail with message "failed to get groups f
From:       Luke Howard <lukeh () padl ! com>
Date:       2008-03-27 11:24:39
Message-ID: 85B78608-B284-43E0-91AE-C0BB82791E64 () padl ! com
[Download RAW message or body]

This may have been fixed in nss_ldap-260:

260     Luke Howard <lukeh@padl.com>

         * patch from Ralf Haferkamp <rhafer@suse.de>:
           only set errno for NSS_TRYAGAIN


-- Luke

On 21/03/2008, at 7:52 PM, Arthur de Jong wrote:
>
> On Thu, 2008-03-20 at 09:42 +0100, jodok-ole.muellers@aschendorff.de
> wrote:
>> I set up libnss-ldap on Linux to get user/group information
>> from a Windows Active Directory Server.
>>
>> With getent it all looks fine to me, although I am not sure about
>> the password field (second field in getent passwd) which is 'x'
>> for local users and 'ABCD!efgh12345$67890' for ADS users.
>> Same with getent group, the group password field is 'x' for local
>> users and '*' for ADS users.
>>
>> Even though getent output looks fine the
>> id and groups commands fail for users stored in ADS LDAP:
>
> I ran into this problem with nss-ldapd. It may also affect nss_ldap (I
> haven't looked at the code though that this is really the problem).
>
> The GNU glibc docs [1] seem to suggest that if you return
> NSS_STATUS_NOTFOUND you should set errno to ENOENT. This however  
> causes
> problems with some tools.
>
> Instead if get*ent() does not find any more entries it should just
> return NSS_STATUS_NOTFOUND and not touch errno.
>
> [1] http://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html
>
> -- 
> -- arthur - arthur@ch.tudelft.nl - http://ch.tudelft.nl/~arthur --

--
www.padl.com | www.fghr.net

[prev in list] [next in list] [prev in thread] [next in thread]