charlie derr wrote:
>> 2. I also noticed that the LDAP database does not contain uidNumber or
>> gidNumber values for entries - is it possible this is what is causing
>> "getent passwd" to fail?
>
> Yeah, I think that's definitely going to be a show stopper.
Thanks for the quick reply - and the confirmation that this is the problem.
> I'm certainly no expert, but if you don't have those values in LDAP (or
> even if they're populated, but not visible to
> cn=aproxy,ou=Service Accounts,ou=BBB Users,dc=ie,dc=bbb,dc=ccc ) then I
> think you're not going to succeed. I'm curious about how you could have
> managed to populate these entries in your directory (because for
> objectClass: posixAccount they're both required attributes). Did you
> turn off schema checking in your OpenLDAP? (I think you must have
> because if you hadn't, you wouldn't have been able to add them without
> valid integers being set for both uidNumber and gidNumber ). If so, I
> imagine that you'll need to reload your entries with the correct values
> all populated.
I don't have access to the openldap server I'm working against but afaik
it is a proxy for an AD server and is mapping some fields on the fly -
so it may not be doing any schema validation. I've passed a request back
up the chain to get uidNumber, gidNumber and other posixAccount fields
added in but it may take some time to get that sorted out.
Thanks,
-stephen
