ldap-authorised group membership limit stuck at 8

The setup: an Ubuntu 10.01 server that hosts our CVS as well as the LDAP database it's authenticating from, NFS and other services (there are workstations too but for the moment they're out of the picture).  OpenLDAP, nss-pam-ldapd, all current stable versions.

The problem: we set up a number of groups to do permission control with our different CVS project repositories (there are contractors, in-house people, different people on different projects and so on).  However we've hit a snag: we can only add a user to 8 groups before things start breaking down (this includes groups not in LDAP such as the one for sudoers).  Trying to add a user to a 9th group results in them appearing in getent and in database queries as normal, but the user does not appear to be in the group when they invoke the 'id' command, and they can't use file permissions of that group.  A test on a machine without LDAP auth did not reproduce the behavior.  UNIX has a group limit built in, I know, but the most cited number is 16, with 32 and 64 on some distros.  Someone in #openldap suggested something in nss_ldap might be the problem but has not (yet) elaborated.  Does anyone know what might be causing this?

~Jamie Brewer
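
A diagnostic for the mismatch described above, as an added example that is not part of the original post: it compares the groups that list a user when the group database is enumerated (the view `getent group` gives) with the supplementary groups resolved for that user through `getgrouplist(3)`, and reports the difference. The function names, the account names and the sample GIDs are assumptions constructed for illustration.

```python
import grp
import os
import pwd
import sys


def groups_listing_user(user, primary_gid, entries):
    """GIDs whose entry names `user` as a member, plus the primary group.

    `entries` is an iterable of (gid, members) pairs, i.e. the enumerated
    view of the group database.
    """
    gids = {gid for gid, members in entries if user in members}
    gids.add(primary_gid)
    return gids


def membership_gap(user, primary_gid, entries, resolved_gids):
    """Return (listed_but_not_resolved, resolved_but_not_listed), sorted."""
    listed = groups_listing_user(user, primary_gid, entries)
    resolved = set(resolved_gids)
    return sorted(listed - resolved), sorted(resolved - listed)


def check_user(user):
    """Run the comparison for a real account on this host."""
    pw = pwd.getpwnam(user)
    entries = [(g.gr_gid, g.gr_mem) for g in grp.getgrall()]
    resolved = os.getgrouplist(user, pw.pw_gid)
    return membership_gap(user, pw.pw_gid, entries, resolved)


# Constructed sample: nine groups list "alice", only eight are resolved.
SAMPLE_ENTRIES = [(2000 + i, ["alice", "bob"]) for i in range(9)] + [(3000, ["bob"])]
SAMPLE_RESOLVED = [1000] + [2000 + i for i in range(8)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        missing, extra = check_user(sys.argv[1])
    else:
        missing, extra = membership_gap("alice", 1000, SAMPLE_ENTRIES, SAMPLE_RESOLVED)
    print("listed but not resolved:", missing)
    print("resolved but not listed:", extra)
```

Run with an account name as the only argument on the affected server and on a host without LDAP authentication; a non-empty first list identifies the groups whose file permissions the user cannot use.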
