I can't seem to get a combination that was working with Fedora 13 to work with Fedora 15.
In Fedora 13 I would use these settings in /etc/nsswitch.conf:
hosts: files dns ldap
And in /etc/ldap.conf:
nss_base_hosts ou=Hosts,dc=foobar,dc=org?one
If I try to do this on Fedora 15, it doesn't work at all. Is there a way to do this without having to install 'nss_ldap'? I also would like to get the 'netgroups' from LDAP... this was also working with Fedora 13.
As it is now, I'm using 'nis' as a workaround for these mappings when I should be doing it with 'ldap'.
Thank You!
--
Luc Lalonde, analyste
---------------------------------------------------------------------
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
Luc.Lalonde@polymtl.ca
---------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
06-13-2011, 08:00 PM
Nalin Dahyabhai
nss_ldap + sssd for hostname resolution
On Mon, Jun 13, 2011 at 03:45:50PM -0400, Luc Lalonde wrote:
> Hello Folks,
>
> I can't seem to get a combination that was working with Fedora 13 to work with Fedora 15.
>
> In Fedora 13 I would use these settings in /etc/nsswitch.conf:
>
> hosts: files dns ldap
I really would recommend not doing that -- the LDAP client libraries
tend to depend on hostname resolution, so using them for hostname
resolution has often caused problems when 'files' or 'dns' couldn't come
up with an answer that was asked for while connecting to the directory
server. In those cases, the nss_ldap module would then recurse into
itself. If the host name resolution path involved taking a lock, the
process would get stuck, and if it didn't, it would encounter the same
problem and keep recursing until it crashed.
> And in /etc/ldap.conf:
>
> nss_base_hosts ou=Hosts,dc=foobar,dc=org?one
>
> If I try to do this on Fedora 15, it doesn't work at all. Is there a way to do this without having to install 'nss_ldap'? I also would like to get the 'netgroups' from LDAP... this was also working with Fedora 13.
If you're using nss-pam-ldapd, you'd want to put something like this in
your /etc/nslcd.conf and make sure the nslcd service is started:
base hosts ou=Hosts,dc=foobar,dc=org?one
HTH,
Nalin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
06-13-2011, 08:04 PM
Stephen Gallagher
nss_ldap + sssd for hostname resolution
On Mon, 2011-06-13 at 15:45 -0400, Luc Lalonde wrote:
> Hello Folks,
>
> I can't seem to get a combination that was working with Fedora 13 to
> work with Fedora 15.
>
> In Fedora 13 I would use these settings in /etc/nsswitch.conf:
>
> hosts: files dns ldap
>
> And in /etc/ldap.conf:
>
> nss_base_hosts ou=Hosts,dc=foobar,dc=org?one
>
> If I try to do this on Fedora 15, it doesn't work at all. Is there a
> way to do this without having to install 'nss_ldap'? I also would
> like to get the 'netgroups' from LDAP... this was also working with
> Fedora 13.
>
Fedora 15 switched to nss-pam-ldapd, which uses the /etc/nslcd.conf file
instead of /etc/ldap.conf (which was easy to confuse with the config
file for openldap).
SSSD now supports netgroups in Fedora 15, so you can just use
netgroups: files sss
We don't yet support the 'hosts' map, see
https://fedorahosted.org/sssd/ticket/359
> As it is now, I'm using 'nis' as a workaround for these mappings when I
> should be doing it with 'ldap'.
>
> Thank You!
>
>
> -- Luc Lalonde, analyste
> ---------------------------------------------------------------------
> Département de génie informatique: École polytechnique de Montréal
> (514) 340-4711 x5049 Luc.Lalonde@polymtl.ca
> ---------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
06-13-2011, 08:16 PM
Nalin Dahyabhai
nss_ldap + sssd for hostname resolution
On Mon, Jun 13, 2011 at 04:00:45PM -0400, Nalin Dahyabhai wrote:
> If you're using nss-pam-ldapd, you'd want to put something like this in
> your /etc/nslcd.conf and make sure the nslcd service is started:
> base hosts ou=Hosts,dc=foobar,dc=org?one
Strike that. It would actually be more like:
base hosts ou=Hosts,dc=foobar,dc=org
scope hosts one
Cheers,
Nalin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
06-14-2011, 01:57 PM
Luc Lalonde
nss_ldap + sssd for hostname resolution
Hello Nalin,
That did the trick!
Thanks for your help.
On Mon, Jun 13, 2011 at 04:00:45PM -0400, Nalin Dahyabhai wrote:
> If you're using nss-pam-ldapd, you'd want to put something like this in
> your /etc/nslcd.conf and make sure the nslcd service is started:
> base hosts ou=Hosts,dc=foobar,dc=org?one
Strike that. It would actually be more like:
base hosts ou=Hosts,dc=foobar,dc=org
scope hosts one
Cheers,
Nalin
--
Luc Lalonde, analyste
---------------------------------------------------------------------
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
Luc.Lalonde@polymtl.ca
---------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
nss_ldap + sssd for hostname resolution
