Playing with LDAP
Mar. 19th, 2015 07:10 pm

Finally getting my act together to sort out LDAP, I got the server going but discovered a couple of problems whilst trying to get Linux to use it for authentication — essentially, I was able to look up users with some commands, e.g.
finger and getent passwd etc, worked but when I tried to obtain information on individual accounts using id or a targeted getent it failed to work.

I eventually traced the problems back to a combination of nscd and a lack of indices on the LDAP databases. Shutting down the caching daemon allowed me to use the slapd log events to see what was going on, at which point I was able to see what I needed to add to slapd.conf and to build the new indices with slapindex. With that done, I restarted nscd and found that both forward and reverse lookups worked exactly as expected.

Exactly? Well, not quite. I enabled LDAP support on the storage appliances, only for the Lustre metadata servers to take themselves down for an unexpected reboot — not something that was mentioned in the documentation, but which is apparently mentioned in a later version of the software...