Karl O. Pinc wrote:
>
> On 06/25/2009 07:19:45 PM, Aaron Hicks wrote:
>> Hmm, getent passwd ldapuser and id ldapuser now produce these debug
>> messages, and do not find the LDAP user (even though it is exactly the
>> same user it's binding with).
>
> FWIW when that happens with an OpenLDAP server it's because you've
> rights to bind (or maybe lookup by direct dn match, I forget)
> but not search. Or at least that's one way to exhibit those symptoms,
> there could be others.

For situations like this I prefer to use debug 7 to see the actual network
data. It looks like an entry was actually received, from the previous output.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/