Again many thanks @pmhahn especially due to public holiday
the missing packages where reinstalled now the libnss-ldap.conf looks much better (configured by template)
all my univention-ldapsearch failed with
ldap_start_tls: Can’t contact LDAP server (-1)
the
root@dcsc:~# su -s /bin/bash -c 'su Administrator' nobody
Passwort:
bash: Kann die Prozessgruppe des Terminals nicht setzen (21370).: Unpassender IOCTL (I/O-Control) für das Gerät
bash: Keine Job Steuerung in dieser Shell.
Administrator@dcsc:/root$
is working…
the file permissions are set correctly
and the certs are valid
openssl x509 -in /etc/univention/ssl/dcsc/cert.pem --issuer_hash --subject_hash -noout
d9cfc7df
779e7d56
openssl x509 -in /etc/univention/ssl/ucsCA/certs/02.pem --issuer_hash --subject_hash -noout
d9cfc7df
779e7d56
as the pkg was reinstalled the ldapsearch looks good to me…
root@dcsc:~# ldapsearch -LLLZZx \
> -H "$(sed -ne 's/^uri //p;T;q' /etc/pam_ldap.conf)" \
> -D "$(sed -ne 's/^rootbinddn //p;T;q' /etc/pam_ldap.conf)" \
> -y /etc/pam_ldap.secret \
> -b "$(sed -ne 's/^base //p;T;q' /etc/pam_ldap.conf)" \
> -s base
dn: dc=office,dc=firma,dc=com
dc: office
univentionObjectType: container/dc
krb5RealmName: OFFICE.FIRMA.COM
nisDomain: office.firma.com
associatedDomain: office.firma.com
univentionPolicyReference: cn=default-settings,cn=pwhistory,cn=users,cn=polici
es,dc=office,dc=firma,dc=com
univentionPolicyReference: cn=default-users,cn=admin-settings,cn=users,cn=poli
cies,dc=office,dc=firma,dc=com
univentionPolicyReference: cn=UCS 4.0,cn=desktop,cn=policies,dc=office,dc=firma,dc=com
objectClass: top
objectClass: krb5Realm
objectClass: univentionPolicyReference
objectClass: nisDomainObject
objectClass: domainRelatedObject
objectClass: domain
objectClass: univentionBase
objectClass: univentionObject
objectClass: msGPO
msGPOLink: [LDAP://cn={E3FCC602-B559-43F7-A805-485A72E6A7FD},cn=policies,cn=sy
stem,DC=office,DC=firma,DC=com;0][LDAP://cn={EE351F7D-7A02-4592-B48F-FA69545
5CC8C},cn=policies,cn=system,DC=office,DC=firma,DC=com;0][LDAP://CN={31B2F34
0-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=office,DC=firma,DC=c
om;0][LDAP://CN={256D85C6-D75E-4A40-85C0-2AC14D87D74A},CN=Policies,CN=System,
DC=office,DC=firma,DC=com;0]
root@dcsc:~#