Re: ldap-authorised group membership limit stuck at 8
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: ldap-authorised group membership limit stuck at 8
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: "J. L. Brewer" <jamie.brewer [at] grindwork.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: ldap-authorised group membership limit stuck at 8
- Date: Tue, 08 Feb 2011 19:28:51 +0100
On Mon, 2011-02-07 at 20:12 -0700, J. L. Brewer wrote:
> We can only add a user to 8 groups before things start breaking down
> (this includes groups not in ldap such as the one for sudoers).
> Trying to add a user to a 9th group results in them appearing in
> getent and in database queries as normal, but the user does not appear
> to be in the group when they invoke the 'id' command, and they can't
> use file permissions of that group.
I cannot reproduce this at the moment. In my test environment I've just
added a user to 18 groups and everything still works fine. Both
id user
and
groups user
return the correct information. When I log in (using su) and run
id
I also get the expected information.
Can you provide some more information? Contents of /etc/nsswitch.conf,
any output nslcd -d gives with the groups command, would help as well as
versions of libc, nss-pam-ldapd and whether nscd is running. Also, do
all of the above tests provide the expected information?
The call to get the groups that a user belongs in is different from the
normal getent calls so that could explain the difference. Note that the
groups need to have a different numeric id, otherwise they will not
appear different.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
