Re: Nested groups missing/groups without members
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Nested groups missing/groups without members
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Nested groups missing/groups without members
- Date: Fri, 02 Aug 2013 21:23:56 +0200
On Thu, 2013-08-01 at 11:12 +0200, Martijn van Brummelen wrote:
> I still found some issues:
> - one group gets resolved double, same groupname, same gid, seen with id
> $username.
Could you try this with the getent.ldap tool from the nslcd-utils
package (getent.ldap group.bymember SOMEUSER)? Please also include
output from nslcd -d.
> - in some groupnames some characters transfer from higher to lower case
> and lower to higher case.
> for example a groupname which contains:
> - Locatie becomes locatie
> - Doqu" becomes doqu
> - FenS becomes fens
> - B2 becomes b2
> - Aanmelden becomes aanmelden
> - mailinglist becomes Mailinglist
> Let me know if you need more information or more examples.
The comparison between the output of
ldapsearch -x -h localhost '(cn=PROBLEMGROUP)'
and:
getent.ldap group PROBLEMGROUP
and nslcd -d output of the getent command would be very helpful.
nslcd tries to work case sensitive in most cases however, it is not
always possible and it is recommended to to have group names (or users)
that differ just in case. One situation where this could get messed up
is when the DN has for instance
cn=locatie, ou=groups, dc=...
but the cn attribute value has Locatie. If you have ignorecase set to
yes you should be able to find groups ignoring case differences (case
insensitive comparison).
In any case, more information is very welcome.
Thanks,
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
- Re: Nested groups missing/groups without members, (continued)