Solaris 9 LDAP client cannot find username / groupname for non-root accounts - SUN

  1. Solaris 9 LDAP client cannot find username / groupname for non-root accounts

    I have a strange issue showing up on Solaris 9 running as an LDAP
    client (pointing to 5.2 P4). The root user can see all passwd entries
    using "getent passwd". When I su to a user other than root with an
    account only in LDAP I get the following:

    root@[sandbox03(SunOS-5.9-sparc):~]# su - jhigham
    mesg: cannot change mode
    I have no name!@[sandbox03(SunOS-5.9-sparc):~]$ id
    uid=2030 gid=14
    I have no name!@[sandbox03(SunOS-5.9-sparc):~]$ getent passwd jhigham
    I have no name!@[sandbox03(SunOS-5.9-sparc):~]$

    With root getent works just fine:
    root@[sandbox03(SunOS-5.9-sparc):~]# getent passwd jhigham
    jhigham::2030:14:Jeff Higham:/home/jhigham:/usr/bin/bash

    ldaplist -l passwd jhigham works fine for any user on the system.
    Here is my client config:

    root@[sandbox03(SunOS-5.9-sparc):~]# ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,ou=unix_account,dc=dev,dc=wildblue,dc=net
    NS_LDAP_BINDPASSWD= {NS1}
    NS_LDAP_SERVERS=
    NS_LDAP_SEARCH_BASEDN= ou=unix_account,dc=dev,dc=wildblue,dc=net
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_CREDENTIAL_LEVEL= proxy

    The same behavior also shows up with "simple" rather than
    "tls:simple". All of my Solaris 10 clients work perfectly using a
    similar config.

    Thanks,

    -J


  2. Re: Solaris 9 LDAP client cannot find username / groupname for non-root accounts

    So far I have tracked this down to a permission issue somewhere. The
    post above was from a hardened system that has several permission
    modifications to make it more secure. I jumpstarted the server to a
    vanilla Solaris 9 (terminal release, no patching) and the issue went
    away. I will post back when I discover which permission mods were
    creating the problem in the event it might help someone else.

    -J
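
The second post narrows the cause to hardening-related permission changes without naming them. One way to shortlist candidates, as an added example that is not from the thread: capture `ls -ld` listings of the same paths on the vanilla and the hardened host and report every path where "other" lost read or execute permission, since that is the class of change that breaks lookups for non-root users while root keeps working. The function names, the manifest format and the `/example/...` paths are assumptions; the sample listings are constructed, and the thread does not say which files were involved.

```shell
#!/bin/sh
# Added example: compare `ls -ld` manifests from a vanilla and a hardened host
# and report paths where "other" lost read or execute permission.

lost_other_access() {   # usage: lost_other_access BASELINE HARDENED
    awk '
        $1 ~ /^l/ { next }                   # skip symlinks ("a -> b")
        NR == FNR { base[$NF] = $1; next }   # first file: baseline mode per path
        ($NF in base) {                      # second file: paths present in both
            b = base[$NF]; h = $1
            # In "-rwxr-xr-x", char 8 is other-read and char 10 is other-exec.
            lost_r = ((substr(b, 8, 1) == "r") && (substr(h, 8, 1) != "r"))
            lost_x = ((substr(b, 10, 1) ~ /[xt]/) && (substr(h, 10, 1) !~ /[xt]/))
            if (lost_r || lost_x) print $NF, b, h
        }
    ' "$1" "$2"
}

demo() {   # constructed sample manifests; the paths are illustrative only
    tmp=${TMPDIR:-/tmp}/permdiff.$$
    mkdir "$tmp" || return 1
    cat > "$tmp/vanilla" <<'EOF'
-rw-r--r--   1 root sys     1024 Jan  1 00:00 /example/etc/name-service.conf
-rwxr-xr-x   1 root bin    40960 Jan  1 00:00 /example/lib/lookup-module.so
-r--------   1 root root     256 Jan  1 00:00 /example/var/client-cred
drwxr-xr-x   2 root sys      512 Jan  1 00:00 /example/var/run
EOF
    cat > "$tmp/hardened" <<'EOF'
-rw-r-----   1 root sys     1024 Jan  1 00:00 /example/etc/name-service.conf
-rwxr-x---   1 root bin    40960 Jan  1 00:00 /example/lib/lookup-module.so
-r--------   1 root root     256 Jan  1 00:00 /example/var/client-cred
drwxr-xr-x   2 root sys      512 Jan  1 00:00 /example/var/run
EOF
    lost_other_access "$tmp/vanilla" "$tmp/hardened"
    rm -rf "$tmp"
}

demo
```

Files that were already unreadable to "other" on the vanilla host are not reported, so the output contains only permissions the hardening step actually removed.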

