This worked every time for 14.04 but it fails in 16.04
On the 16.04 machine a telnet (to my ldap server) 636
Connected to ldap.st-andrews.ac.uk.
Escape character is '^]'.
Which suggests the 16.04 machine sees the ldap server
Any help to resolve this would be sincerely appreciated
a getent returns only the contains of /etc/passwd on the local
University of St.Andrews,
School of Physics & Astronomy,
Fife KY16 9SS,
e-Mail :- [hidden email]
Tel :- (0)1334-463141
Fax :- (0)1334-463104
The University of St Andrews
is a charity registered in
Scotland : No SC013532.
> Any help to resolve this would be sincerely appreciated
> a getent returns only the contains of /etc/passwd on the local machine
I have had (and still have) a system 16.04 that can derive group and/or
user from an LDAP on the local network.
I have not used nsss.
The URI ldap:// did not work for me.
I used HOST and then an IP address, I believe.
I believe I employed unscd as a caching daemon because it functioned
better for a certain cause. My use case was for negative results
(nonexistent groups) to have a very long timeout (cache duration)
because otherwise they would hang the lookups and cause delays in mainly
log-in attemps and so on. I also set the timelimits and timeouts of
ldap.conf to very low values (seconds).
The libnss-ldap package is broken for a very long time already and they
won't fix it.
You have to run /usr/sbin/nssldap-update-ignoreusers manually as root to
ensure lookups are not performed through LDAP for system users and
But you didn't get that far yet.
I can't say anything else, I did nothing special. Although in the LDAP
database I have set "loginShell" to false because I didn't want these
users to be used for local login ;-).
When initially "getent" wouldn't work, it was because the URI thing
didn't work for me.