The name service switch


We already stored user and group data in the ldap directory. These data have to be visible to your unix system: remember that "ls -l" shows the owner and group names of files, and the system has to resolve those names somewhere. The goal is that the system automatically queries the ldap directory for them. As mentioned earlier, nsswitch.conf is the configuration file in which the sources for such "name services" (the databases) are configured. Usually the sources are "files", "nis" or "dns". We now add "ldap". For this we need the nss_ldap package. Check with rpm:

rpm -ql nss_ldap

Install it if it is not there. Edit nsswitch.conf and change the passwd and group lines to:

passwd: files ldap
group: files ldap

Next edit /etc/ldap.conf. This is the configuration file of nss_ldap (and pam_ldap), not the OpenLDAP client file of the same name under /etc/openldap, so do not mix the two up:

host ldapserver.redflo.de
base dc=redflo,dc=de
ldap_version 3


More details are in "man nss_ldap". Note that this configuration talks to the server unencrypted: every passwd and group lookup of the system crosses the network in the clear. For anything beyond a test setup look at the "ssl" (e.g. "ssl start_tls") and "tls_cacertfile" options in the same man page so that the NSS queries, and later the PAM binds, are protected with TLS.

To test nss_ldap we use the command:

getent passwd

It should print all local accounts (from /etc/passwd, the "files" database) followed by all ldap accounts, because the sources are consulted in the order given in nsswitch.conf. If you have problems, try switching on logging on your ldap server.

I encountered another problem: if you use the name service caching daemon (nscd), it may not answer our ldap queries correctly. The enumeration

getent passwd

works, but if you try

getent passwd joe

and joe exists only in the ldap database, nscd may not answer this query. In this case restart or switch off nscd. This is still under investigation.
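As an added example (not part of the original page), the following POSIX sh script performs the checks from this section offline against constructed sample data: it verifies that nsswitch.conf lists "ldap" for the passwd and group databases, works out which accounts come only from the directory by comparing "getent passwd" output with /etc/passwd, and then re-queries each of those names individually, which is exactly the lookup that a misbehaving nscd fails to answer. The sample files, the hypothetical fake_lookup function that mimics that nscd behaviour and the helper function names are all my own assumptions; on a real host replace them with the live commands shown in the trailing comment.

```sh
#!/bin/sh
# Added example, not from the original page: offline sanity checks for an
# nss_ldap setup. The functions work on file contents and command names so
# they can be exercised with the constructed sample data below; live usage on
# a real host is shown in the comment at the end.

# Does nsswitch.conf consult the "ldap" source for database $1 (passwd, group, ...)?
# Reads nsswitch.conf content on stdin and prints yes or no. Expects the usual
# "passwd: files ldap" spacing, i.e. a space after the colon.
nss_uses_ldap() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                   # drop comments; fields are re-split
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { print (found ? "yes" : "no") }'
}

# Accounts that come from the directory only: present in the "getent passwd"
# output ($2) but absent from the local /etc/passwd ($1).
ldap_only_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$1" "$2"
}

# Re-query every name read from stdin individually through lookup function $1
# and print the names that cannot be resolved. Enumeration succeeding while a
# single lookup fails is the nscd symptom described in the text.
unresolvable_names() {
    while read -r name; do
        "$1" "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# ---- constructed sample data standing in for the real files ---------------
sample_nsswitch='passwd:     files ldap   # hypothetical nsswitch.conf
group:      files ldap
shadow:     files
hosts:      files dns'

local_passwd=$(mktemp)   # stands in for /etc/passwd
enumerated=$(mktemp)     # stands in for the output of "getent passwd"
trap 'rm -f "$local_passwd" "$enumerated"' EXIT
cat >"$local_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Local:/home/alice:/bin/bash
EOF
cat >"$enumerated" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Local:/home/alice:/bin/bash
joe:x:2001:2001:Joe from LDAP:/home/joe:/bin/bash
EOF

# Hypothetical lookup that behaves like the misbehaving nscd: it can only
# answer for users that exist in the local passwd file.
fake_lookup() { grep -q "^$1:" "$local_passwd"; }

# Named wrappers over the sample data so the results can be checked.
nss_check_result()     { printf '%s\n' "$sample_nsswitch" | nss_uses_ldap "$1"; }
ldap_only_result()     { ldap_only_accounts "$local_passwd" "$enumerated"; }
broken_lookup_result() { ldap_only_result | unresolvable_names fake_lookup; }

printf 'passwd via ldap: %s\n' "$(nss_check_result passwd)"          # yes
printf 'ldap-only accounts: %s\n' "$(ldap_only_result)"              # joe
printf 'not resolvable one by one: %s\n' "$(broken_lookup_result)"   # joe

# Live usage on a real host (needs nss_ldap configured as in the text):
#   nss_uses_ldap passwd < /etc/nsswitch.conf
#   getent passwd > /tmp/all.passwd
#   getent_passwd() { getent passwd "$1"; }
#   ldap_only_accounts /etc/passwd /tmp/all.passwd | unresolvable_names getent_passwd
```

On a live system any name printed by the last pipeline is a directory-only account that enumerates fine but cannot be looked up on its own; if that list is non-empty, stop nscd and rerun the pipeline before blaming the ldap server.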