Get all Ldap User list on client with (getent passwd) command












0















I have open ldap server and client both on centos6. I need all the list of open ldap user on client side in (/etc/passwd)










share|improve this question



























    0















    I have open ldap server and client both on centos6. I need all the list of open ldap user on client side in (/etc/passwd)










    share|improve this question

























      0












      0








      0








      I have open ldap server and client both on centos6. I need all the list of open ldap user on client side in (/etc/passwd)










      share|improve this question














      I have open ldap server and client both on centos6. I need all the list of open ldap user on client side in (/etc/passwd)







      linux openldap






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jul 4 '17 at 7:49









      AbhishekAbhishek

      111




      111






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.



          To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from



             passwd:         compat
          group: compat
          shadow: compat


          to:



             passwd:         compat ldap
          group: compat ldap
          shadow: compat ldap


          This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files) then search in ldap. Of course you need properly working LDAP environment, otherwise the system can't find the ldap data. You need the nss_ldap package to get the ldap feature for nss. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:



          BASE    dc=somesite,dc=com
          URI ldap://my.ldap.server.somesite.com
          TIMELIMIT 10


          You may prefer your centos tool system-config-authentication (Information / Enable LDAP Support) to do this.



          After that you should be able to access the user ids by issuing getent passwd.



          Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap



          Additional info:




          • If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.

          • at a crowded site constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching softwares (nslcd).

          • getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against ldap you must change the PAM setting. That's a different story.






          share|improve this answer

























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225491%2fget-all-ldap-user-list-on-client-with-getent-passwd-command%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.



            To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from



               passwd:         compat
            group: compat
            shadow: compat


            to:



               passwd:         compat ldap
            group: compat ldap
            shadow: compat ldap


            This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files) then search in ldap. Of course you need properly working LDAP environment, otherwise the system can't find the ldap data. You need the nss_ldap package to get the ldap feature for nss. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:



            BASE    dc=somesite,dc=com
            URI ldap://my.ldap.server.somesite.com
            TIMELIMIT 10


            You may prefer your centos tool system-config-authentication (Information / Enable LDAP Support) to do this.



            After that you should be able to access the user ids by issuing getent passwd.



            Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap



            Additional info:




            • If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.

            • at a crowded site constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching softwares (nslcd).

            • getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against ldap you must change the PAM setting. That's a different story.






            share|improve this answer






























              0














              I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.



              To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from



                 passwd:         compat
              group: compat
              shadow: compat


              to:



                 passwd:         compat ldap
              group: compat ldap
              shadow: compat ldap


              This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files) then search in ldap. Of course you need properly working LDAP environment, otherwise the system can't find the ldap data. You need the nss_ldap package to get the ldap feature for nss. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:



              BASE    dc=somesite,dc=com
              URI ldap://my.ldap.server.somesite.com
              TIMELIMIT 10


              You may prefer your centos tool system-config-authentication (Information / Enable LDAP Support) to do this.



              After that you should be able to access the user ids by issuing getent passwd.



              Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap



              Additional info:




              • If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.

              • at a crowded site constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching softwares (nslcd).

              • getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against ldap you must change the PAM setting. That's a different story.






              share|improve this answer




























                0












                0








                0







                I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.



                To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from



                   passwd:         compat
                group: compat
                shadow: compat


                to:



                   passwd:         compat ldap
                group: compat ldap
                shadow: compat ldap


                This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files) then search in ldap. Of course you need properly working LDAP environment, otherwise the system can't find the ldap data. You need the nss_ldap package to get the ldap feature for nss. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:



                BASE    dc=somesite,dc=com
                URI ldap://my.ldap.server.somesite.com
                TIMELIMIT 10


                You may prefer your centos tool system-config-authentication (Information / Enable LDAP Support) to do this.



                After that you should be able to access the user ids by issuing getent passwd.



                Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap



                Additional info:




                • If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.

                • at a crowded site constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching softwares (nslcd).

                • getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against ldap you must change the PAM setting. That's a different story.






                share|improve this answer















                I'm not sure I understand your question correctly, but I assume you want to let the system know the users stored in LDAP.



                To achieve this you have to tell the nsswitch system how to collect user info. Edit the /etc/nsswitch.conf file from



                   passwd:         compat
                group: compat
                shadow: compat


                to:



                   passwd:         compat ldap
                group: compat ldap
                shadow: compat ldap


                This way you tell the system to search first in the local database (e.g. the group, passwd and shadow files) then search in ldap. Of course you need properly working LDAP environment, otherwise the system can't find the ldap data. You need the nss_ldap package to get the ldap feature for nss. If you didn't do that already, you have to configure the LDAP system in /etc/ldap.conf or /etc/ldap/ldap.conf and/or /etc/openldap/ldap.conf according to your LDAP environment. For example:



                BASE    dc=somesite,dc=com
                URI ldap://my.ldap.server.somesite.com
                TIMELIMIT 10


                You may prefer your centos tool system-config-authentication (Information / Enable LDAP Support) to do this.



                After that you should be able to access the user ids by issuing getent passwd.



                Alternatively you may want to use sssd to act as a middleman to contact ldap as documented here: https://wiki.contribs.org/Client_Authentication:Centos_via_sssd/ldap



                Additional info:




                • If you are using some name switch caching software (like sssd or nslcd) you must update that config (if needed) and restart the service.

                • at a crowded site constantly querying LDAP can be overkill. You can mitigate the problem using the aforementioned caching softwares (nslcd).

                • getting passwd/group info from LDAP and authentication are completely different species. If you want to authenticate against ldap you must change the PAM setting. That's a different story.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jul 4 '17 at 12:31

























                answered Jul 4 '17 at 12:18









                Gote GuruGote Guru

                1014




                1014






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1225491%2fget-all-ldap-user-list-on-client-with-getent-passwd-command%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    How to make a Squid Proxy server?

                    Is this a new Fibonacci Identity?

                    19世紀