
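After yesterday's mysterious problem, I wasn't ready to give up, so I installed another FreeBSD 6 machine, only this time the i386 version; the previous install was amd64.
After bringing up OpenLDAP/pam_ldap/nss_ldap following the normal procedure, users could log in to the system, but neither id xxx nor finger xxx could map to the correct uid/gid and find the user, and ls -al showed only the numeric uid/gid, yet when I looked as root the mapping worked -_-.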


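It looks like the problem is back at NIS again.. fine, at least there is no core dump this time. I rechecked the nss_ldap and pam_ldap configuration files; because the two files have identical content, I had set up ldap.conf and nss_ldap.conf with a symbolic link. I split them into separate configuration files, and the uid/gid still could not be found. Next I reviewed the contents of ldap.conf (nss_ldap.conf), which include this section: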

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=Manager,dc=ychsiao,dc=org

# The credentials to bind with.
# Optional: default is no credential.
#bindpw password

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Manager,dc=ychsiao,dc=org

Why look at this section? Because the LDAP log shows that when ls -al or id xxx is run, NIS goes to OpenLDAP to look up the data.

Feb 3 07:42:14 orz slapd[374]: conn=157 fd=19 ACCEPT from IP=127.0.0.1:64324 (IP=0.0.0.0:389)
Feb 3 07:42:14 orz slapd[374]: conn=157 op=0 BIND dn="" method=128
Feb 3 07:42:14 orz slapd[374]: conn=157 op=0 RESULT tag=97 err=0 text=
Feb 3 07:42:14 orz slapd[374]: conn=157 op=1 SRCH base="dc=ychsiao,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=10000))"

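However I look at it, this is wrong: I clearly used rootbinddn to set up the connection, yet the BIND dn in the log is empty -_-. So I changed the settings to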

binddn cn=Manager,dc=ychsiao,dc=org
bindpw password
#rootbinddn cn=Manager,dc=ychsiao,dc=org

and the log becomes

Feb 3 07:44:24 orz slapd[374]: conn=166 op=0 BIND dn="cn=Manager,dc=ychsiao,dc=org" method=128
Feb 3 07:44:24 orz slapd[374]: conn=166 op=0 BIND dn="cn=Manager,dc=ychsiao,dc=org" mech=SIMPLE ssf=0
Feb 3 07:44:24 orz slapd[374]: conn=166 op=0 RESULT tag=97 err=0 text=
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SRCH base="dc=ychsiao,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=10000))"
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 3 07:44:24 orz slapd[374]: conn=166 op=2 SRCH base="dc=ychsiao,dc=org" scope=2 deref=0 filter="(&(objectClass=posixGroup)(gidNumber=500))"
Feb 3 07:44:24 orz slapd[374]: conn=166 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Feb 3 07:44:24 orz slapd[374]: conn=166 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Heh~~ I just don't quite understand why amd64 core dumps outright while i386 merely fails to map the uid/gid. I'll write an email asking FreeBSD to close the PR, Orz.
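The two log excerpts above differ only in the bind identity, so that is the field worth auditing: as an added example (not code from the original post), this Python script groups slapd log lines by connection and flags anonymous binds, binds as a DN you list as privileged, and searches that request userPassword. The function name, flag names and the privileged-DN list are assumptions of this example; the sample lines are copied from the post with the attribute list shortened.

```python
import re
from collections import defaultdict

# Sample lines copied from the slapd excerpts in the post (SRCH attr list shortened).
SAMPLE_LOG = """\
Feb 3 07:42:14 orz slapd[374]: conn=157 op=0 BIND dn="" method=128
Feb 3 07:42:14 orz slapd[374]: conn=157 op=1 SRCH base="dc=ychsiao,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=10000))"
Feb 3 07:44:24 orz slapd[374]: conn=166 op=0 BIND dn="cn=Manager,dc=ychsiao,dc=org" method=128
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SRCH base="dc=ychsiao,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uidNumber=10000))"
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
Feb 3 07:44:24 orz slapd[374]: conn=166 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

ENTRY = re.compile(r"slapd\[\d+\]: conn=(\d+) op=\d+ (BIND|SRCH|SEARCH RESULT) (.*)")
CURLY = str.maketrans("\u201c\u201d", '""')  # web-pasted logs often carry typographic quotes

def audit_binds(log_text, privileged_dns):
    """Group slapd log lines by connection and flag risky bind/search patterns."""
    privileged = {dn.lower() for dn in privileged_dns}  # simplification: case-folded compare only
    conns = defaultdict(lambda: {"bind_dn": None, "searches": 0, "entries": 0, "flags": set()})
    for line in log_text.translate(CURLY).splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        conn, kind, rest = conns[int(m.group(1))], m.group(2), m.group(3)
        if kind == "BIND":
            dn = re.match(r'dn="([^"]*)"', rest)
            if dn:
                conn["bind_dn"] = dn.group(1)
        elif kind == "SRCH" and rest.startswith("base="):
            conn["searches"] += 1  # count each search once, on its base= line
        elif kind == "SRCH" and "userPassword" in rest.split("attr=", 1)[-1].split():
            conn["flags"].add("requests-userPassword")
        elif kind == "SEARCH RESULT":
            n = re.search(r"nentries=(\d+)", rest)
            conn["entries"] += int(n.group(1)) if n else 0
    for conn in conns.values():
        if conn["bind_dn"] == "":
            conn["flags"].add("anonymous-bind")
        elif conn["bind_dn"] is not None and conn["bind_dn"].lower() in privileged:
            conn["flags"].add("privileged-bind")
    return dict(conns)

if __name__ == "__main__":
    report = audit_binds(SAMPLE_LOG, ["cn=Manager,dc=ychsiao,dc=org"])
    for cid, info in sorted(report.items()):
        print(cid, repr(info["bind_dn"]), info["searches"], info["entries"], sorted(info["flags"]))
```

A connection that carries both privileged-bind and requests-userPassword is the one to review first, since it means routine uid/gid lookups are running under the directory's manager credentials.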
