I've installed nss_ldap, edited nsswitch.conf to use ldap; here is my /etc/ldap.conf contents:
host ldap.<mycompany>.com
base o=<mycompany>,c=<cc>
bind_policy soft
nss_reconnect_tries 4
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 16
nss_reconnect_maxconntries 2
When I do
getent passwd
I get a correct view of all the usernames in the company. But if I do
getent passwd <some user>
with a known valid username, nothing is returned, as if the user didn't exist. (It works for local non-LDAP users.)
If I compile nss_ldap with debug enabled, the former prints out a lot of debugging messages like:
nss_ldap: ==> do_result
nss_ldap: <== do_result
nss_ldap: ==> _nss_ldap_assign_userpassword
nss_ldap: <== _nss_ldap_assign_userpassword
but the latter does not show anything. There's nothing in syslog either.
This quite puzzles me. Where should I start looking for the problem? Any ideas where it could be?
The client is running Gentoo Linux, nss_ldap-264. The LDAP server is out of my control.
Do you use nscd, the naming caching daemon? It could have a negative cache of the user, in which case running
/usr/sbin/nscd -i passwd
would invalidate the cache and cause a re-fetch.
getent passwd
works because it bypasses nscd.
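A small checker, added here as an example and not part of the original question or answer, that reads an nscd.conf-style file and reports whether the passwd cache is on and how long a miss is remembered, which is what decides whether a stale negative entry can hide an LDAP user. The key names are the standard /etc/nscd.conf ones; the sample config the script writes is constructed.

```shell
#!/bin/sh
# nscd_passwd_policy <file>
# Prints "enabled=<yes|no|unset> negative_ttl=<secs|unset> positive_ttl=<secs|unset>"
# for the passwd database, using the last occurrence of each key in the file.
nscd_passwd_policy() {
    awk '
        { sub(/#.*/, "") }                                   # drop comments
        $2 == "passwd" && $1 == "enable-cache"          { en  = $3 }
        $2 == "passwd" && $1 == "negative-time-to-live" { neg = $3 }
        $2 == "passwd" && $1 == "positive-time-to-live" { pos = $3 }
        END {
            printf "enabled=%s negative_ttl=%s positive_ttl=%s\n",
                (en  == "" ? "unset" : en),
                (neg == "" ? "unset" : neg),
                (pos == "" ? "unset" : pos)
        }
    ' "$1"
}

# negative_cache_can_mask <file>
# Exit 0 when a remembered miss could make "getent passwd <user>" return nothing
# for a user that does exist in LDAP: cache enabled and a non-zero negative TTL.
negative_cache_can_mask() {
    set -- $(nscd_passwd_policy "$1")
    en=${1#enabled=}
    neg=${2#negative_ttl=}
    [ "$en" = "yes" ] && [ "$neg" != "unset" ] && [ "$neg" -gt 0 ]
}

# Constructed sample nscd.conf (not a real host's file) to demonstrate the check.
sample=$(mktemp)
printf 'enable-cache\t\tpasswd\t\tyes\n'        >  "$sample"
printf 'positive-time-to-live\tpasswd\t\t600\n'  >> "$sample"
printf 'negative-time-to-live\tpasswd\t\t20\n'   >> "$sample"

nscd_passwd_policy "$sample"
if negative_cache_can_mask "$sample"; then
    echo "a miss is cached: invalidate with 'nscd -i passwd' before re-testing"
else
    echo "passwd misses are not cached by nscd"
fi
rm -f "$sample"
```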