Ubuntu
nss-pam-ldapd package

Bug #1781035
Comment #2

Comment 2 for bug 1781035

Revision history for this message

Kabanov Dmitry (kabanovdmitry) wrote on 2018-07-12:

Here it is. I anonymize it a bit by replacing domain and server names.

admin@machine:~$ sudo -s
[sudo] password for admin:
root@machine:~# service nslcd stop
root@machine:~# nslcd -d
nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.6
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/ca-certificates.crt")
nslcd: DEBUG: CFG: threads 5
nslcd: DEBUG: CFG: uid nslcd
nslcd: DEBUG: CFG: gid 132
nslcd: DEBUG: CFG: uri ldap://wsldc1sr01.kaust.edu.sa/
nslcd: DEBUG: CFG: ldap_version 3
nslcd: DEBUG: CFG: base DC=XXXXX,DC=XXX,DC=XX
nslcd: DEBUG: CFG: scope sub
nslcd: DEBUG: CFG: deref never
nslcd: DEBUG: CFG: referrals yes
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias)
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device)
nslcd: DEBUG: CFG: filter group (objectClass=posixGroup)
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost)
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup)
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork)
nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount)
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol)
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc)
nslcd: DEBUG: CFG: filter services (objectClass=ipService)
nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount)
nslcd: DEBUG: CFG: map group userPassword "*"
nslcd: DEBUG: CFG: map passwd userPassword "*"
nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}"
nslcd: DEBUG: CFG: map shadow userPassword "*"
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}"
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}"
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}"
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}"
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}"
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}"
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}"
nslcd: DEBUG: CFG: bind_timelimit 10
nslcd: DEBUG: CFG: timelimit 0
nslcd: DEBUG: CFG: idle_timelimit 0
nslcd: DEBUG: CFG: reconnect_sleeptime 1
nslcd: DEBUG: CFG: reconnect_retrytime 10
nslcd: DEBUG: CFG: ssl off
nslcd: DEBUG: CFG: tls_reqcert demand
nslcd: DEBUG: CFG: tls_cacertfile /etc/ssl/certs/ca-certificates.crt
nslcd: DEBUG: CFG: pagesize 0
nslcd: DEBUG: CFG: nss_min_uid 0
nslcd: DEBUG: CFG: nss_nested_groups no
nslcd: DEBUG: CFG: nss_getgrent_skipmembers no
nslcd: DEBUG: CFG: nss_disable_enumeration no
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@$()~-])?$/i
nslcd: DEBUG: CFG: ignorecase no
nslcd: DEBUG: CFG: cache dn2uid 15m 15m
nslcd: version 0.9.6 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",132) done
nslcd: DEBUG: setgid(132) done
nslcd: DEBUG: setuid(126) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=9501 uid=124296 gid=1124296
nslcd: [8b4567] <usermod="kabanod"> DEBUG: nslcd_usermod("kabanod",asuser,"***")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: nslcd_usermod(shell="/usr/bin/zsh")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: myldap_search(base="DC=XXXXX,DC=XXX,DC=XX", filter="(&(objectClass=posixAccount)(uid=kabanod))")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_initialize(ldap://servername/)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://servername/")
nslcd: [8b4567] <usermod="kabanod"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
nslcd: [8b4567] <usermod="kabanod"> DEBUG: "kabanod": user not found: Operations error
^Cnslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: ldap_unbind()
nslcd: version 0.9.6 bailing out

Here it is. I anonymize it a bit by replacing domain and server names.

admin@machine:~$ sudo -s
[sudo] password for admin: 
root@machine:~# service nslcd stop
root@machine:~# nslcd -d
nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.6
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/ca-certificates.crt")
nslcd: DEBUG: CFG: threads 5
nslcd: DEBUG: CFG: uid nslcd
nslcd: DEBUG: CFG: gid 132
nslcd: DEBUG: CFG: uri ldap://wsldc1sr01.kaust.edu.sa/
nslcd: DEBUG: CFG: ldap_version 3
nslcd: DEBUG: CFG: base DC=XXXXX,DC=XXX,DC=XX
nslcd: DEBUG: CFG: scope sub
nslcd: DEBUG: CFG: deref never
nslcd: DEBUG: CFG: referrals yes
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias)
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device)
nslcd: DEBUG: CFG: filter group (objectClass=posixGroup)
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost)
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup)
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork)
nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount)
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol)
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc)
nslcd: DEBUG: CFG: filter services (objectClass=ipService)
nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount)
nslcd: DEBUG: CFG: map group userPassword "*"
nslcd: DEBUG: CFG: map passwd userPassword "*"
nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}"
nslcd: DEBUG: CFG: map shadow userPassword "*"
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}"
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}"
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}"
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}"
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}"
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}"
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}"
nslcd: DEBUG: CFG: bind_timelimit 10
nslcd: DEBUG: CFG: timelimit 0
nslcd: DEBUG: CFG: idle_timelimit 0
nslcd: DEBUG: CFG: reconnect_sleeptime 1
nslcd: DEBUG: CFG: reconnect_retrytime 10
nslcd: DEBUG: CFG: ssl off
nslcd: DEBUG: CFG: tls_reqcert demand
nslcd: DEBUG: CFG: tls_cacertfile /etc/ssl/certs/ca-certificates.crt
nslcd: DEBUG: CFG: pagesize 0
nslcd: DEBUG: CFG: nss_min_uid 0
nslcd: DEBUG: CFG: nss_nested_groups no
nslcd: DEBUG: CFG: nss_getgrent_skipmembers no
nslcd: DEBUG: CFG: nss_disable_enumeration no
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@$()~-])?$/i
nslcd: DEBUG: CFG: ignorecase no
nslcd: DEBUG: CFG: cache dn2uid 15m 15m
nslcd: version 0.9.6 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",132) done
nslcd: DEBUG: setgid(132) done
nslcd: DEBUG: setuid(126) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=9501 uid=124296 gid=1124296
nslcd: [8b4567] <usermod="kabanod"> DEBUG: nslcd_usermod("kabanod",asuser,"***")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: nslcd_usermod(shell="/usr/bin/zsh")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: myldap_search(base="DC=XXXXX,DC=XXX,DC=XX", filter="(&(objectClass=posixAccount)(uid=kabanod))")
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_initialize(ldap://servername/)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <usermod="kabanod"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://servername/")
nslcd: [8b4567] <usermod="kabanod"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
nslcd: [8b4567] <usermod="kabanod"> DEBUG: "kabanod": user not found: Operations error
^Cnslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: ldap_unbind()
nslcd: version 0.9.6 bailing out

Ubuntunss-pam-ldapd package

Comment 2 for bug 1781035

Ubuntu
nss-pam-ldapd package