Environment
Situation
Resolution
This is usually caused either by a problem with the LDAP server specified in the /etc/nam.conf file (wrong server, unreachable, or an invalid SSL certificate) or by insufficient rights on the container in which the LUM users are present.
To resolve the issue follow the steps below:
1. Check the SSL certificates of the LDAP server specified in the /etc/nam.conf file.
1.1. Open iManager, click Novell Certificate Access and then select Server Certificates.
1.2. Click the object selector (magnifying glass icon) and browse to the LDAP server that is specified in the /etc/nam.conf file.
1.3. Select all certificates and click Validate.
1.4. If any certificate is shown as invalid or expired, delete all SSL certificates and recreate them as follows.
1.5. Under Roles and Tasks select Novell Certificate Server and click Create Default Certificates. Select the LDAP server using the object selector (magnifying glass icon) and click Next.
1.6. Accept the default options, click Next and then Finish. Repeat step 1.3 to confirm that the new certificates are valid.
2. Check LDAP connectivity.
2.1. On Linux, unload and reload the LDAP server (nldap):
nldap -u
nldap -l
2.2. On NetWare:
unload nldap
load nldap
2.3. In a Linux terminal, use netstat to confirm that the LDAP server is listening on port 389 (clear text) and port 636 (SSL/TLS):
netstat -anp | grep 389
netstat -anp | grep 636
Look for a line in state LISTEN whose Local Address ends in :389 or :636. A bare grep for 389 also matches unrelated output (for example port 3890, an established client connection on 389, or a PID containing 389), so check the Local Address and State columns rather than just the presence of output.
On NetWare use TCPCON to check the same ports.
Note: ICE (Novell Import Conversion Export) or an LDAP browser can also be used to check connectivity.
3. Change the LDAP server in the /etc/nam.conf file.
3.1. Replace the preferred LDAP server (the preferred-server entry) so that it points to an LDAP server that holds the Master or a Read/Write replica of [Root], or of the partition in which the server and the LUM users reside. This can be done with vi or gedit.
3.2. Restart the LUM services and verify user resolution with the commands below (namconfig -k re-fetches the LDAP server certificate, namconfig cache_refresh refreshes the LUM cache):
namconfig -k
namconfig cache_refresh
rcnamcd restart
rcnamcd status
id <username>
The id command should return the UID, GID and group membership of the LUM-enabled user. If it reports that there is no such user, LUM still cannot resolve the user through LDAP; continue with step 4.
4. Make sure [Public] has Browse rights to [Entry Rights] and Read and Compare rights to [All Attributes Rights].
If [Public] does not have the correct rights, remove it as a trustee at all levels of the tree and then add it back as an explicit trustee of [Root] with Browse rights to [Entry Rights] and Read and Compare rights to [All Attributes Rights], marked inheritable so that the rights flow down to the container in which the LUM users are present.
Once the rights are set, an anonymous LDAP search for the admin user should succeed:
ldapsearch -x -h <ip address of LDAP server> cn=admin
Note: The above command should return the uidNumber and gidNumber values for admin. If these values are not displayed, replace the LDAP Group object with a default one; see step 5.
5. Replacing the LDAP Group object with a default one
5.1. Locate the LDAP Server object and its LDAP Group object for the LDAP server specified in the /etc/nam.conf file.
5.2. On the Other tab of the LDAP Group object, make note of the value of the ldapConfigVersion attribute.
5.3. Create a new test LDAP Group object and set its ldapConfigVersion attribute to match the original.
5.4. Modify the LDAP Server object so that it points to this new test LDAP Group object instead of the existing one, then repeat the ldapsearch from step 4.
If none of the above resolves the issue, reconfigure Linux User Management in YaST; see the Additional Information section of this document.
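The checks in steps 2 to 4 can be scripted so that they are repeatable and do not depend on eyeballing grep output. The script below is an added example and is not part of the original TID or of LUM itself. It assumes the standard nam.conf key names (preferred-server, base-name), the usual Linux tools (netstat, openssl, ldapsearch), and that the LUM-enabled admin carries the posixAccount attributes uidNumber and gidNumber. The parsing helpers read plain text on stdin, so they can be tried against a saved copy of nam.conf or of netstat output before running the live checks with --live on the OES server.

```shell
#!/bin/sh
# Added example, not part of the original TID or of LUM. Scripts the checks
# from steps 2 to 4: read the LDAP server out of /etc/nam.conf, confirm that
# it listens on 389 and 636, show the SSL certificate expiry, and confirm that
# the admin user returns uidNumber/gidNumber. The key names (preferred-server,
# base-name) and the attribute names are assumptions that match a standard
# LUM install; adjust them if your nam.conf differs.

# Print the value of KEY from nam.conf-style "key=value" text on stdin.
# Usage: nam_value preferred-server < /etc/nam.conf
nam_value() {
    grep -v '^[[:space:]]*#' \
        | grep "^[[:space:]]*$1=" \
        | head -n 1 \
        | sed "s/^[[:space:]]*$1=//; s/^[[:space:]]*//; s/[[:space:]]*$//"
}

# Succeed when "netstat -an" output on stdin shows a TCP LISTEN socket on PORT.
# A bare "grep 389" also matches port 3890, ESTABLISHED client connections and
# PIDs containing 389, so anchor on ":PORT" followed by whitespace and LISTEN.
# Usage: netstat -an | port_listening 636
port_listening() {
    grep -E "^tcp.*[:.]$1[[:space:]].*LISTEN" > /dev/null
}

# Succeed when the LDIF on stdin carries both uidNumber and gidNumber, i.e.
# the LDAP server hands back the POSIX attributes LUM needs for the user.
# Usage: ldapsearch -x -h HOST -b BASE '(cn=admin)' uidNumber gidNumber | has_posix_ids
has_posix_ids() {
    ldif=$(cat)
    printf '%s\n' "$ldif" | grep -qi '^uidNumber:' \
        && printf '%s\n' "$ldif" | grep -qi '^gidNumber:'
}

# Live checks against the server named in nam.conf; run this on the OES server.
run_live_checks() {
    conf=${1:-/etc/nam.conf}
    server=$(nam_value preferred-server < "$conf")
    base=$(nam_value base-name < "$conf")
    echo "preferred LDAP server: $server (base: $base)"

    # Step 2.3: is the server listening on both LDAP ports?
    for port in 389 636; do
        if netstat -an | port_listening "$port"; then
            echo "port $port: LISTEN"
        else
            echo "port $port: NOT listening - reload nldap or check the certificate (steps 1 and 2)"
        fi
    done

    # Step 1 seen from the client side: which certificate is served and when does it expire?
    echo | openssl s_client -connect "$server:636" 2>/dev/null \
        | openssl x509 -noout -subject -enddate

    # Step 4: the admin user must come back with uidNumber and gidNumber.
    if ldapsearch -x -h "$server" -b "$base" '(cn=admin)' uidNumber gidNumber | has_posix_ids; then
        echo "admin returns uidNumber/gidNumber: [Public] rights and LDAP Group object look fine"
    else
        echo "uidNumber/gidNumber missing: check [Public] rights (step 4) or replace the LDAP Group object (step 5)"
    fi
}

if [ "${1:-}" = "--live" ]; then
    run_live_checks "${2:-/etc/nam.conf}"
fi
```

Save it as, for example, lumcheck.sh and run `sh lumcheck.sh --live` on the OES server. The reason the helpers take their input on stdin is the caveat from step 2.3: a line such as `192.168.10.5:389 ... ESTABLISHED` is an existing client connection, not a listener, and `grep 389` would happily report it as a working LDAP port, whereas port_listening only accepts a LISTEN socket on exactly that port.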
Additional Information
Re-configure LUM in YaST
1. Open YaST and select OES Install and Configuration.
2. Select Linux User Management and click Next.
3. On the summary page click Change and select Linux User Management.
4. Enter the Directory Server Address (LDAP server). The Unix Config object should be in either the uppermost container or the location where the first server was installed with LUM, and the Unix Workstation object should be present in the context in which the server resides.
5. Click Next and select the required authentication services.
6. Click Next and then Finish.