nslcd is a fail on lucid for me. Trying to start from upstart fails. Running it by hand in debug mode works, but when trying to su from one LDAP user to another, it again fails:
# service nslcd start
* Starting LDAP connection daemon nslcd nslcd: unable to daemonize: No such device
Seems to work in debug mode:
# /usr/sbin/nslcd -d
nslcd: DEBUG: add_uri(ldaps://10.xx.xx.xx)
nslcd: DEBUG: add_uri(ldaps://10.xx.xx.xxx)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0)
nslcd: version 0.7.2 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(126) done
nslcd: DEBUG: setuid(117) done
nslcd: accepting connections
When I try to su to another user however, more fail:
[2]# sudo -u nslcd nslcd -d
nslcd: DEBUG: add_uri(ldaps://10.12.51.165)
nslcd: DEBUG: add_uri(ldaps://10.14.13.250)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0)
nslcd: version 0.7.2 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: cannot setgroups(0,NULL) (ignored): Operation not permitted
nslcd: DEBUG: setgid(126) done
nslcd: DEBUG: setuid(117) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=13359 uid=0 gid=1000
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(user333)
nslcd: [8b4567] DEBUG: myldap_search(base="ou=HDA,ou=DC,o=FMW", filter="(&(objectClass=posixAccount)(uid=user333))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldaps://10.12.51.165)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://10.12.51.165")
nslcd: [8b4567] connected to LDAP server ldaps://10.12.51.165
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=13359 uid=0 gid=1000
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(user333)
nslcd: [7b23c6] DEBUG: myldap_search(base="ou=HDA,ou=DC,o=FMW", filter="(&(objectClass=posixAccount)(uid=user333))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldaps://10.12.51.165)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://10.12.51.165")
nslcd: [7b23c6] connected to LDAP server ldaps://10.12.51.165
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=13359 uid=1000 gid=1000
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(user333)
nslcd: [3c9869] DEBUG: myldap_search(base="ou=HDA,ou=DC,o=FMW", filter="(&(objectClass=posixAccount)(uid=user333))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldaps://10.12.51.165)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://10.12.51.165")
nslcd: [3c9869] connected to LDAP server ldaps://10.12.51.165
nslcd: [3c9869] DEBUG: ldap_result(): end of results
output of below command ^^^^^^^^^^^^^^^^^^^^^^^^^^
$ su - user333
Password:
setgid: Operation not permitted