[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: 8 principal limitation in openldap
From: Srivatsav M <srivatsav.mudumba () gmail ! com>
Date: 2011-03-31 22:07:30
Message-ID: AANLkTikAob+CW2g6o-QkbLcT_Y41-uVtvuswwQsi6Drz () mail ! gmail ! com
[Download RAW message or body]
["attachment.htm" (text/html)]
Hi,<div><br></div><div>I was triaging this issue and I ran into another mysterious \
area, it doesn't look like the number (8) of principals/RDN is the problem and \
infact the length/size of the RDN's could be the issue. Please find the \
/etc/ldap.conf files attached renamed according to the AD/openldap server being \
configured.</div> <div><br></div><div>a. In the ad_ldap_conf_size the number of \
characters is around 3137 for the nss_base_<map>. On line 122, if i just make \
the 80 as 8 in the end of the string, the command "getent passwd" is \
working and it lists all the users registered in the ldap.conf file but otherwise it \
doesn't show any user.</div> <div><br></div><div>b. In the \
open_ldap_conf_size_issue the number of characters is around 3103 for the \
nss_base_<map>. In the end of the file if i just comment the last two lines, \
the "getent passwd" is working and it lists all the users registered in the \
ldap.conf file but otherwise it doesn't show any user.</div> \
<div><br></div><div>from these findings this looks more like some buffer issue, can \
you please help me with the following.</div><div>1. Any particular method/file that I \
should be looking for to check this buffer size may be even in the nss_ldap library \
or so</div> <div>2. If there is a buffer size issue of say around 3137 characters \
(bytes for that), what would be the best value to increase \
it.</div><div><br></div><div>appreciate any \
help</div><div><br></div><div>Thanks</div><div>Ramakanth</div> <div><br><div \
class="gmail_quote">On 30 March 2011 01:17, Srivatsav M <span dir="ltr"><<a \
href="mailto:srivatsav.mudumba@gmail.com">srivatsav.mudumba@gmail.com</a>></span> \
wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex;"> Please find below the answers to your \
questions:<div><br></div><div><span style="font-family:'Times New \
Roman';font-size:medium"><span \
style="font-family:monospace;white-space:pre-wrap">1. > >> We are using \
OpenLDAP for authenticating users registered in a LDAP</span><pre> > >> \
server (Open LDAP, Active Directory).
Which one? Or both?</pre><pre>Our dev environment has openLDAP and AD servers and we \
have tested this issue against each of them individually and are able to reproduce it \
against both the types of LDAP servers</pre></span>2. <span \
style="font-family:monospace;white-space:pre-wrap;font-size:medium">Users \
shouldn't be "registered in the /etc/ldap.conf file".</span></div>
<div><font face="monospace" size="3"><span style="white-space:pre-wrap">>> Can \
you please help me understand why I shouldn't be using this in the ldap.conf \
file?</span></font></div> <div><font face="monospace" size="3"><span \
style="white-space:pre-wrap"><br></span></font></div><div><font face="monospace" \
size="3"><span style="white-space:pre-wrap">3. </span></font><span \
style="font-family:monospace;white-space:pre-wrap;font-size:medium">Please supply a \
full copy of your /etc/ldap.conf, or at least a representative </span><span \
style="font-family:monospace;white-space:pre-wrap;font-size:medium">one, and provide \
the example output of 'getent passwd username' and 'groups </span></div>
<div><span style="font-family:monospace;white-space:pre-wrap;font-size:medium"><br></span></div><div><span \
style="font-family:monospace;white-space:pre-wrap;font-size:medium">>> attached \
along with this mail</span></div>
<pre style="font-family:'Times New Roman';font-size:medium">username' for \
the user who doesn't authenticate. You may also want to supply the relevant PAM \
configuration files.</pre><pre><font size="3">$ getent passwd root <xxxxxxxxx>
test_user:somepwd:1002:1002:Test User:/home/testuser:/bin/bash
test_people1:*:10004:10004:Test \
People1:/home/test_people1:/bin/bash</font></pre><pre><font size="3">>> All \
external users are not able to login after adding the 8th principal/RDN</font></pre> \
<pre style="font-family:'Times New \
Roman';font-size:medium">/etc/pam.d/common-auth</pre><pre><font face="'Times \
New Roman'" size="3">auth required pam_env.so auth sufficient pam_ldap.so \
use_first_pass auth required pam_unix2.so
<br></font></pre><pre><font face="'Times New Roman'" \
size="3">/etc/pam.d/common-account</font></pre><pre><font face="'Times New \
Roman'" size="3">account required pam_unix2.so account sufficient \
pam_localuser.so account required pam_ldap.so use_first_pass
<br></font></pre><pre><font face="'Times New Roman'" \
size="3">/etc/pam.d/common-session</font></pre><pre><font face="'Times New \
Roman'" size="3"> session required pam_limits.so
session required pam_unix2.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
session optional pam_umask.so
Also, please provide details of your LDAP client (distribution release, what versions \
of nss_ldap and pam_ldap you are running).</font></pre><pre><font face="'Times \
New Roman'" size="3">>> openldap2-client-2.3.32-0.25 >> \
nss_ldap-259-4.3</font></pre><div><font face="monospace" size="3"><span \
style="white-space:pre-wrap">4. <span style="font-family:'Times New \
Roman';white-space:normal"><span \
style="font-family:monospace;white-space:pre-wrap">Do we know what the actual problem \
is? Do we know it would be solved by nss-</span><span \
style="font-family:monospace;white-space:pre-wrap">ldapd?</span><pre> There might be \
a simple misunderstanding here, or a simple configuration problem, and switching \
software might not solve that.
Additionally, the distribution in question may have a different preferred LDAP \
client.</pre><pre>>> based on the above information, would it be possible for \
pointing any config. issues? , please do let me know if you need any further \
information.</pre>
<pre>thanks</pre><pre>Ramakanth</pre><pre><br></pre></span></span></font><div><div></div><div \
class="h5"><div class="gmail_quote">On 25 March 2011 20:23, Marco Pizzoli <span \
dir="ltr"><<a href="mailto:marco.pizzoli@gmail.com" \
target="_blank">marco.pizzoli@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi,<br>I could be corrected if I'm wrong, but this \
problem is not related to OpenLDAP. It's a nss_ldap problem.<br>
nss_ldap is a client library that's used by linux vendors to achieves seamless \
integration of users against *a* LDAP server.<br>
<br>I had a similar problem with a complex configuration and bypassed (not solved) \
the problem by modifying my client configuration.<br><br>I reduced the number of ldap \
server configured to be accessed: from 4 to 3.<br>I reduced the number of users \
defined in <b>nss_initgroups_ignoreusers</b> directive: i had about 40 listed in \
it...<br>
<br>Etc...<br><br>Make some tries and tell me if you can solve \
it.<br><br>Marco<div><div></div><div><br><br><br><div class="gmail_quote">On Thu, Mar \
24, 2011 at 9:25 PM, Srivatsav M <span dir="ltr"><<a \
href="mailto:srivatsav.mudumba@gmail.com" \
target="_blank">srivatsav.mudumba@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid \
rgb(204, 204, 204);padding-left:1ex"><span \
style="border-collapse:separate;color:rgb(0, 0, 0);font-family:'Times New \
Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:nor \
mal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span \
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">Hi,<br>
<br>We are using OpenLDAP for authenticating users registered in a LDAP server (Open \
LDAP, Active Directory). After adding 8 principals (/etc/ldap.conf), none of the \
users registered in the /etc/ldap.conf file are able to login. <br>
<br>nss_base_passwd OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname<br></span></span><span \
style="border-collapse:separate;color:rgb(0, 0, 0);font-family:'Times New \
Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:nor \
mal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span \
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">nss_base_shadow \
</span></span><span style="border-collapse:separate;color:rgb(0, 0, \
0);font-family:'Times New \
Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:nor \
mal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span \
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname<br>
nss_base_group </span></span><span style="border-collapse:separate;color:rgb(0, 0, \
0);font-family:'Times New \
Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:nor \
mal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span \
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">OU=engg,D \
C=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname</span></span><br>
<br><span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:'Times \
New Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing \
:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span \
style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br>
Can you please share the reason for this 7 limitation in the open ldap library. or \
how I can fix this issue. I am looking i for the header file in the source files \
whhich has this constant or limitation defined.<br><br> Tried googling, but it \
appears that no one has encountered this issue. Some customers are running into this \
issue and it has become a severity 1 issue to fix.<br>
<br>Thanks<br>Ramakanth<br></span></span>
</blockquote></div><br><br clear="all"><br></div></div><font color="#888888">-- \
<br>_________________________________________<br>Non è forte chi non cade, ma chi \
cadendo ha la forza di rialzarsi.<br> Jim Morrison<br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
["ad_ldap_conf_size_issue.txt" (text/plain)]
#
# /etc/ldap.conf
#
#configtype AD
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
# See ldap.conf(5) for details
#
# Contents of this file are auto generated
#
# Your LDAP server. Must be resolvable without using LDAP. {DUMMY IP ADDRESS, acutal \
one is pingable} host 192.168.1.1
# The distinguished name of the search tree.
base dc=INTRANET,dc=prodname,dc=COM
# Your LDAP server name. Must be resolved using /etc/hosts
#uri LDAP_URI_CONFIG_VALUE
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# Don't try forever if the LDAP server is not reacheable
bind_policy soft
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,dc=INTRANET,dc=prodname,dc=COM
# The credentials to bind with.
# Optional: default is no credential.
bindpw somepassword
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=com
# The port.
# Optional: default is 389.
port 389
# Search the root DSE for the password policy (works
# with Netscape Directory Server). And make use of
# Password Policy LDAP Control (as in OpenLDAP)
pam_lookup_policy yes
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_password crypt
# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers
# (comma separated)
nss_initgroups_ignoreusers root,ldap
# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis
# Enable search time limit to 15 seconds
timelimit 15
# Enable bind timelimit to 15 seconds
bind_timelimit 15
#AD specific attribute set
scope sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid samaccountname
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute loginShell loginShell
nss_map_attribute gecos uidNumber
# nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory unixhomedirectory
nss_map_objectclass posixGroup group
nss_map_attribute cn samaccountname
pam_login_attribute samaccountname
# pam_member_attribute msSFU30PosixMember
nss_override_attribute_value loginShell /bin/bash
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
# nss_map_attribute uniqueMember msSFU30PosixMember
pam_filter objectclass=user
tls_checkpeer no
nss_base_passwd CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=800012)
nss_base_shadow CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=800012)
nss_base_group CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=80
nss_base_passwd CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
["open_ldap_conf_size_issue.txt" (text/plain)]
#
# /etc/ldap.conf
#
#configtype OpenLDAP
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
# See ldap.conf(5) for details
#
# Contents of this file are auto generated
#
# Your LDAP server. Must be resolvable without using LDAP.{DUMMY IP ADDRESS, acutal one is pingable}
host 192.168.1.1
# The distinguished name of the search tree.
base dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# Your LDAP server name. Must be resolved using /etc/hosts
uri ldaps://somldapserver
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# Don't try forever if the LDAP server is not reacheable
bind_policy soft
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw somepaswd
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=com
# The port.
# Optional: default is 389.
port 636
# Search the root DSE for the password policy (works
# with Netscape Directory Server). And make use of
# Password Policy LDAP Control (as in OpenLDAP)
pam_lookup_policy yes
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_password crypt
# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers
# (comma separated)
nss_initgroups_ignoreusers root,ldap
# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis
# Enable search time limit to 15 seconds
timelimit 15
# Enable bind timelimit to 15 seconds
bind_timelimit 15
#AD specific attribute set
# scope sub
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uidNumber msSFU30UidNumber
#nss_map_attribute uidNumber msSFU30UidNumber
#nss_map_attribute gidNumber msSFU30GidNumber
#nss_map_attribute loginShell msSFU30LoginShell
#nss_map_attribute gecos name
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn cn
#pam_login_attribute msSFU30Name
#pam_member_attribute msSFU30PosixMember
nss_override_attribute_value loginShell /bin/bash
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl on
nss_map_attribute uniqueMember member
pam_filter objectclass=posixAccount
tls_checkpeer no
nss_base_passwd uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# nss_base_shadow uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# nss_base_group uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic