Nós apenas configuramos o ActiveDirectory na minha empresa e importamos todos os usuários e grupos do Linux.
No cliente linux: (configurado para solicitar o ldap no nsswitch.conf):
Se eu fizer uma pesquisa comum de ldaps para o servidor AD LDAP, receberei o número completo de aproximadamente 2580 usuários.
Mas se eu fizer isso, só recebe uma parte de todos os usuários, 1221 em número:
getent passwd | wc -l
A execução com strace mostra o tipo de tentativa de reconectar
Minhas ideias foram:
O procedimento de autenticação do linux executa o ldapsearch com um parâmetro incompatível com o AD ldap?
Ou provavelmente é um problema de codificação. O usuário do Windows é inserido no AD com todos os tipos de caracteres.
Talvez alguém possa esclarecer isso e dar uma dica de como depurá-lo ainda mais!
Aqui está o nosso ldap.conf
host audc01.mycompany.de audc03.mycompany.de
base ou=location,dc=mycompany,dc=de
ldap_version 3
binddn cn=manager,ou=location,dc=mycompany,dc=de
bindpw Password
timelimit 120
idle_timelimit 3600
nss_base_passwd cn=users,cn=import,ou=location,dc=mycompany,dc=de?sub
nss_base_group ou=location,dc=mycompany,dc=de?sub
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount User
# nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
# Display Name
nss_map_attribute gecos cn
##
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
# PAM attributes
pam_login_attribute sAMAccountName
# Location based login
pam_groupdn CN=Location-AU-Login,OU=au,OU=Location,DC=mycompany,DC=de
pam_member_attribute msSFU30PosixMember
##
pam_lookup_policy yes
pam_filter objectclass=User
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,couchdb,daemon,games,gdm,gnats,haldaemon,hplip,irc,kernoops,libuuid,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,statd,sync,sys,syslog,usbmux,uucp,www-data
e aqui o stacktrace de
strace getent passwd
poll([{fd=4, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 120000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "04getent passwd | wc -l
host audc01.mycompany.de audc03.mycompany.de
base ou=location,dc=mycompany,dc=de
ldap_version 3
binddn cn=manager,ou=location,dc=mycompany,dc=de
bindpw Password
timelimit 120
idle_timelimit 3600
nss_base_passwd cn=users,cn=import,ou=location,dc=mycompany,dc=de?sub
nss_base_group ou=location,dc=mycompany,dc=de?sub
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount User
# nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
# Display Name
nss_map_attribute gecos cn
##
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
# PAM attributes
pam_login_attribute sAMAccountName
# Location based login
pam_groupdn CN=Location-AU-Login,OU=au,OU=Location,DC=mycompany,DC=de
pam_member_attribute msSFU30PosixMember
##
pam_lookup_policy yes
pam_filter objectclass=User
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,couchdb,daemon,games,gdm,gnats,haldaemon,hplip,irc,kernoops,libuuid,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,statd,sync,sys,syslog,usbmux,uucp,www-data
strace getent passwd
poll([{fd=4, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 120000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "04%pre%%pre%%pre%A", 8) = 8
read(4, "e4%pre%%pre%%pre%\n%pre%%pre%%pre%04%pre%%pre%%pre%+04%pre%%pre%%pre%%61.2."..., 63) = 63
stat64("/etc/ldap.conf", {st_mode=S_IFREG|0644, st_size=1151, ...}) = 0
geteuid32() = 12560
getsockname(4, {sa_family=AF_INET, sin_port=htons(60334), sin_addr=inet_addr("10.1.35.51")}, [16]) = 0
getpeername(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("10.1.5.81")}, [16]) = 0
time(NULL) = 1297684722
rt_sigaction(SIGPIPE, {SIG_DFL, [], 0}, NULL, 8) = 0
munmap(0xb7617000, 1721) = 0
close(3) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_DFL, [], 0}, NULL, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0
write(4, "0B%pre%", 7) = 7
shutdown(4, 2 /* send and receive */) = 0
close(4) = 0
shutdown(-1, 2 /* send and receive */) = -1 EBADF (Bad file descriptor)
close(-1) = -1 EBADF (Bad file descriptor)
exit_group(0) = ?
A", 8) = 8
read(4, "e4%pre%%pre%%pre%\n%pre%%pre%%pre%04%pre%%pre%%pre%+04%pre%%pre%%pre%%61.2."..., 63) = 63
stat64("/etc/ldap.conf", {st_mode=S_IFREG|0644, st_size=1151, ...}) = 0
geteuid32() = 12560
getsockname(4, {sa_family=AF_INET, sin_port=htons(60334), sin_addr=inet_addr("10.1.35.51")}, [16]) = 0
getpeername(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("10.1.5.81")}, [16]) = 0
time(NULL) = 1297684722
rt_sigaction(SIGPIPE, {SIG_DFL, [], 0}, NULL, 8) = 0
munmap(0xb7617000, 1721) = 0
close(3) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_DFL, [], 0}, NULL, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0
write(4, "0B%pre%", 7) = 7
shutdown(4, 2 /* send and receive */) = 0
close(4) = 0
shutdown(-1, 2 /* send and receive */) = -1 EBADF (Bad file descriptor)
close(-1) = -1 EBADF (Bad file descriptor)
exit_group(0) = ?