LUM users returns no values in Linux command terminal

  • 7005782
  • 19-Apr-2010
  • 27-Apr-2012

Environment

Novell eDirectory 8.8 for Linux
Linux User Management
Novell iManager 2.7

Situation

LUM users return no values in Linux command terminal
UID and GID values are 0
Admin user shows no values for UID and GID
LUM users and groups displayed without UID and GID values

Resolution

This can be caused either by the LDAP server specified in the /etc/nam.conf file or by insufficient rights to the container in which the users are present.

To resolve the issue follow the steps below:

1. Check the SSL certificates for the LDAP server specified in the /etc/nam.conf file.

1.1. Open iManager, click Novell Certificate Access and then select the Server Certificates option.

1.2. Click the object selector (magnifying glass icon) and browse to the LDAP server specified in the /etc/nam.conf file.

1.3. Check all certificates and click Validate.

1.4. If any certificate shows as invalid or expired, delete all SSL certificates and then recreate them.

1.5. Under Roles and Tasks select Novell Certificate Server and click Create Default Certificates. Select the LDAP server using the object selector (magnifying glass icon) and click Next.

1.6. Select the default options, click Next and finally click Finish. Repeat step 1.3 to ensure the created certificates are valid.

2. Check LDAP connectivity.

2.1. On Linux:

nldap -u

nldap -l

2.2. On NetWare:

unload nldap

load nldap

2.3. In a Linux terminal window, use the netstat command to check that LDAP is listening on ports 389 and 636:

netstat -anp | grep 389

netstat -anp | grep 636

On NetWare use tcpcon to check the ports mentioned above.

Note: ICE or an LDAP browser can also be used to check connectivity.

3. Change the LDAP server in the /etc/nam.conf file.

3.1. Replace the preferred LDAP server so that it points to the LDAP server that holds the Master or Read/Write replica of [Root], or of the partition in which the server and the LUM users reside. This can be done using vi or gedit.

3.2. Restart the LUM services using the commands below:

namconfig -k

namconfig cache_refresh

rcnamcd restart

rcnamcd status

id <username>

Note: The admin user should not be present in the /etc/passwd file, and the admin-specific group should not be present in the /etc/group file on the Linux server.

4. Make sure [Public] has Browse rights to Entry and Read/Compare rights to All Attributes.

If [Public] does not have the correct rights, remove it as a trustee from all levels in the tree and then add it back as an explicit trustee of [Root] with Browse rights to Entry and Read/Compare rights to All Attributes, marked inheritable so that the rights flow down to the container in which the LUM users are present.

Once the rights are set, an LDAP search can be performed:

ldapsearch -x -h <ip address of LDAP server> cn=admin

Note: The above command should return the UID and GID values for admin. If the values are not displayed, replace the LDAP Group object with a default one; refer to step 5.
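The checks in step 3.2 (id <username>) and step 4 (ldapsearch) can be scripted. This is an added example, not part of the original TID: a POSIX shell script that parses constructed sample output from id and ldapsearch and flags the missing or zero UID/GID values described under Situation; it assumes the RFC 2307 attribute names uidNumber/gidNumber and the preferred-server= key of /etc/nam.conf.

```shell
# Added example: checks for the LUM symptom "UID and GID values are 0" using
# constructed sample output (not captured from a real server).

# Sample `id admin` output, healthy and broken (constructed).
ID_OK='uid=1001(admin) gid=100(users) groups=100(users)'
ID_ZERO='uid=0(admin) gid=0(root) groups=0(root)'

# Sample ldapsearch (LDIF) output for cn=admin, healthy and broken (constructed).
LDIF_OK='dn: cn=admin,o=example
cn: admin
uidNumber: 1001
gidNumber: 100'
LDIF_MISSING='dn: cn=admin,o=example
cn: admin'

# Sample /etc/nam.conf fragment (constructed; the preferred-server= key is assumed).
NAM_CONF='base-name=o=example
preferred-server=ldap.example.internal
ldap-port=389
ldap-ssl-port=636'

# Print the first value of attribute $1 found in LDIF text $2.
ldif_attr() {
  printf '%s\n' "$2" | sed -n "s/^$1: *//p" | head -n 1
}

# Succeed only when uidNumber and gidNumber are both present and non-zero.
ldif_posix_ok() {
  uid=$(ldif_attr uidNumber "$1"); gid=$(ldif_attr gidNumber "$1")
  [ -n "$uid" ] && [ -n "$gid" ] && [ "$uid" -gt 0 ] && [ "$gid" -gt 0 ]
}

# Succeed only when `id` output shows a non-zero uid and gid (uid=0/gid=0 is the symptom).
id_posix_ok() {
  uid=$(printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p')
  gid=$(printf '%s\n' "$1" | sed -n 's/.*gid=\([0-9][0-9]*\)(.*/\1/p')
  [ -n "$uid" ] && [ -n "$gid" ] && [ "$uid" -gt 0 ] && [ "$gid" -gt 0 ]
}

# Print the LDAP server namcd will query, taken from nam.conf text $1.
nam_preferred_server() {
  printf '%s\n' "$1" | sed -n 's/^preferred-server=//p'
}
# Run the checks on the constructed samples.
ldif_posix_ok "$LDIF_OK" && echo "ldapsearch: admin has uidNumber/gidNumber"
ldif_posix_ok "$LDIF_MISSING" || echo "ldapsearch: uidNumber/gidNumber missing, see step 5"
id_posix_ok "$ID_OK" && echo "id: admin resolves with non-zero UID/GID"
id_posix_ok "$ID_ZERO" || echo "id: UID/GID are 0, check $(nam_preferred_server "$NAM_CONF") in nam.conf"
```

On a real server, replace the constructed samples with "$(id admin)", the ldapsearch output from step 4 and "$(cat /etc/nam.conf)".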

5. Replacing the LDAP Group object with a default one

5.1. Find the LDAP Server and LDAP Group objects for the LDAP server specified in the /etc/nam.conf file.

5.2. Make a note of the "ldapConfigVersion" attribute on the Other tab of the LDAP Group object.

5.3. Create a new test LDAP Group object and modify its "ldapConfigVersion" attribute to match the original.

5.4. Then modify the LDAP Server object to point to this new test LDAP Group object instead of the existing one.

5.5. Reload LDAP. Refer to step 2.1 for Linux and step 2.2 for NetWare.

Note: Sometimes the attribute mapping in the LDAP Group object becomes mismatched and the UID and GID values are not mapped correctly. Replace the old LDAP Group object with a new one. Alternatively, inspect the attribute mappings in the LDAP Group properties and replace the UID and GID mappings with the correct ones.

Finally, if none of the above methods resolves the issue, Linux User Management needs to be reconfigured in YaST. See the Additional Information section of this document for how to reconfigure it using YaST.

Additional Information

Re-configure LUM in YaST

1. Open YaST and select OES Install and Configuration.

2. Select Linux User Management and click Next.

3. Check the summary page, then click Change and select Linux User Management.

4. Enter the Directory Server Address (LDAP server). The Unix Config object should be either in the uppermost container or in the location where the first server was installed with LUM, and the Unix Workstation object should be present in the context in which the server resides.

5. Click Next and select the required authentication services.

6. Click Next and then Finish.

Note: If a Linux/UNIX Config object already exists in the eDirectory tree, specify its name and context. If no Linux/UNIX Config object exists in eDirectory, specify the name and context for a new Linux/UNIX Config object to be created.