Get all Ldap User list on client with (getent passwd) command
I have an OpenLDAP server and client, both on CentOS 6. I need the list of all OpenLDAP users on the client side in (/etc/passwd).
linux openldap
asked Jul 4 '17 at 7:49
Abhishek
1 Answer
I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.
To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from
passwd: compat
group: compat
shadow: compat
to:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files), then search in LDAP. Of course you need a properly working LDAP environment, otherwise the system can't find the LDAP data. You need the nss_ldap package to get the LDAP feature for NSS. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:
BASE dc=somesite,dc=com
URI ldap://my.ldap.server.somesite.com
TIMELIMIT 10
You may prefer your CentOS tool system-config-authentication (Information / Enable LDAP Support) to do this.
After that you should be able to access the user ids by issuing getent passwd.
Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap
Additional info:
- If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.
- At a crowded site, constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching software (nslcd).
- Getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against LDAP you must change the PAM setting. That's a different story.
edited Jul 4 '17 at 12:31
answered Jul 4 '17 at 12:18
Gote Guru
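Added example, not part of the original answer: a shell check that confirms which NSS databases list the ldap source described above, separates directory-supplied accounts from local ones in `getent passwd` output, and flags directory accounts that reuse a local UID. The function names (`nss_has_source`, `remote_users`, `uid_collisions`) are hypothetical and the sample files are constructed stand-ins for /etc/nsswitch.conf, /etc/passwd and saved `getent passwd` output.

```shell
#!/bin/sh
# Added example; function names are hypothetical and all sample data is constructed.

# nss_has_source FILE DB SOURCE: succeed if DB's line in FILE lists SOURCE.
nss_has_source() {
    awk -v db="$2:" -v src="$3" '
        { sub(/#.*/, "") }    # drop comments so a commented-out source is not counted
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit !found }' "$1"
}

# remote_users LOCAL_PASSWD GETENT_OUT: accounts NSS returns that are not in the local file.
remote_users() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$1" "$2"
}

# uid_collisions LOCAL_PASSWD GETENT_OUT: remote accounts reusing a local UID,
# printed as remote_name:uid:local_name (a remote UID 0 would collide with root).
uid_collisions() {
    awk -F: 'FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = $1; next }
             !($1 in name) && ($3 in uid) { print $1 ":" $3 ":" uid[$3] }' "$1" "$2"
}

# Constructed sample files.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: compat ldap
group:  compat ldap
shadow: compat        # ldap not enabled here
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:500:500::/home/backup:/bin/bash
EOF
cat > "$SAMPLE_DIR/getent.out" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:500:500::/home/backup:/bin/bash
alice:x:10001:10001:Alice:/home/alice:/bin/bash
bob:x:500:10002:Bob:/home/bob:/bin/bash
EOF

for db in passwd group shadow; do
    nss_has_source "$SAMPLE_DIR/nsswitch.conf" "$db" ldap || echo "$db: ldap source missing"
done
remote_users "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/getent.out"
uid_collisions "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/getent.out"
```

On a live client, pass the functions /etc/nsswitch.conf, /etc/passwd and the saved output of `getent passwd`. With sssd, `getent passwd` lists directory users only when enumeration is enabled for the domain (the `enumerate` option, off by default), while lookups by name work either way.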