Re: ldap-authorised group membership limit stuck at 8

On Mon, 2011-02-07 at 20:12 -0700, J. L. Brewer wrote:
> We can only add a user to 8 groups before things start breaking down
> (this includes groups not in ldap such as the one for sudoers).
> Trying to add a user to a 9th group results in them appearing in
> getent and in database queries as normal, but the user does not appear
> to be in the group when they invoke the 'id' command, and they can't
> use file permissions of that group.

I cannot reproduce this at the moment. In my test environment I've just
added a user to 18 groups and everything still works fine. Both
  id user
  groups user
return the correct information. When I log in (using su) and run
I also get the expected information.

Can you provide some more information? Contents of /etc/nsswitch.conf
and any output nslcd -d gives with the groups command would help, as well
as versions of libc, nss-pam-ldapd and whether nscd is running. Also, do
all of the above tests provide the expected information?

The call to get the groups that a user belongs to is different from the
normal getent calls, so that could explain the difference. Note that the
groups need to have a different numeric id, otherwise they will not
appear different.
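
Added example, not part of the original message or of nss-pam-ldapd: a small C diagnostic that compares the two lookup paths mentioned above for one user, group enumeration with getgrent() against the getgrouplist() call, and reports numeric gids that only the enumeration shows. It assumes Linux with glibc; the helper names and the 256-entry buffer are choices made for this example.

```c
#define _DEFAULT_SOURCE 1            /* exposes getgrouplist() and getgrent() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define MAXG 256                     /* example buffer size (assumption) */

static int has_gid(const gid_t *set, int n, gid_t g) {
    for (int i = 0; i < n; i++) if (set[i] == g) return 1;
    return 0;
}
/* Path 1, enumeration: walk every group and keep each distinct gid that lists the user. */
int gids_by_enumeration(const char *user, gid_t primary, gid_t *out, int max) {
    struct group *gr;
    int n = 0;
    if (max > 0) out[n++] = primary;
    setgrent();
    while ((gr = getgrent()) != NULL)
        for (char **m = gr->gr_mem; *m; m++)
            if (!strcmp(*m, user) && n < max && !has_gid(out, n, gr->gr_gid))
                out[n++] = gr->gr_gid;   /* groups sharing a gid count once */
    endgrent();
    return n;
}
/* Path 2, the per-user lookup: getgrouplist(), the call behind initgroups(). */
int gids_by_initgroups(const char *user, gid_t primary, gid_t *out, int max) {
    int n = max;
    return getgrouplist(user, primary, out, &n) == -1 ? -1 : n;  /* -1: buffer too small */
}
/* Copy into missing[] every gid of a[] that is absent from b[]; return how many. */
int count_missing(const gid_t *a, int na, const gid_t *b, int nb, gid_t *missing) {
    int k = 0;
    for (int i = 0; i < na; i++) if (!has_gid(b, nb, a[i])) missing[k++] = a[i];
    return k;
}
int main(int argc, char **argv) {
    struct passwd *pw = getpwnam(argc > 1 ? argv[1] : "root");
    gid_t e[MAXG], g[MAXG], miss[MAXG];
    if (!pw) { fprintf(stderr, "unknown user\n"); return 2; }
    int ne = gids_by_enumeration(pw->pw_name, pw->pw_gid, e, MAXG);
    int ng = gids_by_initgroups(pw->pw_name, pw->pw_gid, g, MAXG);
    if (ng < 0) { fprintf(stderr, "more than %d groups\n", MAXG); return 2; }
    printf("enumeration: %d distinct gids, getgrouplist: %d\n", ne, ng);
    int k = count_missing(e, ne, g, ng, miss);
    for (int i = 0; i < k; i++)
        printf("gid %ld: in group map, not returned by getgrouplist\n", (long)miss[i]);
    return k ? 1 : 0;                /* non-zero exit when the two paths disagree */
}
```

Run it with the affected user name as the only argument; any gid it prints is one that the enumeration reports but the per-user lookup does not.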

