Re: Fwd: map group uniqueMember sAMAccountName
- From: Patrik <alabard [at] gmail.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Fwd: map group uniqueMember sAMAccountName
- Date: Fri, 10 Feb 2017 10:39:59 +0100
Arthur!
now nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
gshadow: files
That's right.
I am trying to create a query that uses the username with group:
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHome$
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber gidNumber
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHome$
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (objectClass=user)
map group gidNumber gidNumber
map group member sAMAccountName
It is in a Samba AD. Still now working with group. How can I not need a Samba group and use one that is the same as the username? Like the usual Linux setup.
The debug shows nothing about the group:
nslcd: [e91b18] <passwd=10000> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(uidNumber=10000))")
nslcd: [e91b18] <passwd=10000> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=ac,DC=patrikx3,DC=tk
nslcd: [e91b18] <passwd=10000> DEBUG: ldap_result(): end of results (1 total)
nslcd: [437fdb] DEBUG: connection from pid=2861 uid=0 gid=0
nslcd: [437fdb] <passwd="patrikx3"> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=patrikx3))")
nslcd: [437fdb] <passwd="patrikx3"> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=ac,DC=patrikx3,DC=tk
nslcd: [437fdb] <passwd="patrikx3"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [44a45c] DEBUG: connection from pid=2864 uid=10000 gid=10000
nslcd: [44a45c] <passwd=10000> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(uidNumber=10000))")
nslcd: [44a45c] <passwd=10000> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=ac,DC=patrikx3,DC=tk
nslcd: [44a45c] <passwd=10000> DEBUG: ldap_result(): end of results (1 total)
nslcd: [fff902] DEBUG: connection from pid=2921 uid=0 gid=0
nslcd: [fff902] <group/member="root"> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=root))")
nslcd: [fff902] <group/member="root"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [fff902] <group/member="root"> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(objectClass=group)(memberUid=root))")
nslcd: [fff902] <group/member="root"> DEBUG: ldap_result(): end of results (0 total)
On Fri, Feb 10, 2017 at 10:14 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Fri, 2017-02-10 at 09:35 +0100, Patrik wrote:
> If you have time to help!
>
> nsswitch:
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
> gshadow: files
I personally prefer files over compat unless you do things with
netgroups. They should be equivalent in most cases and shouldn't matter
for the problem you're seeing.
> why still is not showing up with my group name?
> drwxr-xr-x 4 root root 4096 Feb 8 00:14 .
> drwxr-xr-x 22 root root 4096 Feb 9 02:46 ..
> drwxr-xr-x 7 patrikx3 10000 4096 Feb 9 21:35 patrikx3
> drwxr-xr-x 5 root root 4096 Feb 7 04:17 samba
>
> How can I make it be patrikx3 as the group name? Is it an error?
The patrikx3 group needs to exist in LDAP for it to show up. The
easiest way to perform a group lookup from the command line is
getent group 10000
If you are tweaking your configuration be sure to stop nscd because it
may cache some values. To get more useful debugging info you can run
nslcd with the -d option to see what it does exactly.
For group lookups the cn attribute should be mapped to the name of the
group, gidNumber to the numeric group id. You can use memberUid to map
to usernames that are in the group and member to user distinguished
names. For the lookup above you just need the cn and gidNumber
attributes working, the member(Uid) attributes are only needed for user
secondary groups.
Hope this helps,
--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
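
Added example, not part of the original messages or of nss-pam-ldapd: a small Python parser for `nslcd -d` output that lists every LDAP search with its request tag, the filter nslcd actually sent and the number of results, which makes it easy to see which maps were queried and which lookups came back empty. The sample lines are copied from the debug output in the message above; the function names are hypothetical.

```python
import re

# Sample input: lines taken from the nslcd -d output quoted in the message above.
SAMPLE = '''\
nslcd: [e91b18] <passwd=10000> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(uidNumber=10000))")
nslcd: [e91b18] <passwd=10000> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=ac,DC=patrikx3,DC=tk
nslcd: [e91b18] <passwd=10000> DEBUG: ldap_result(): end of results (1 total)
nslcd: [fff902] DEBUG: connection from pid=2921 uid=0 gid=0
nslcd: [fff902] <group/member="root"> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=root))")
nslcd: [fff902] <group/member="root"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [fff902] <group/member="root"> DEBUG: myldap_search(base="DC=ac,DC=patrikx3,DC=tk", filter="(&(objectClass=group)(memberUid=root))")
nslcd: [fff902] <group/member="root"> DEBUG: ldap_result(): end of results (0 total)
'''

LINE = re.compile(r'nslcd: \[(\w+)\] <([^>]+)> DEBUG: (.*)')
SEARCH = re.compile(r'myldap_search\(base="[^"]*", filter="([^"]*)"\)')
END = re.compile(r'end of results \((\d+) total\)')

def summarize(log):
    """Return one record per LDAP search: request tag, filter sent, result count."""
    searches, open_by_conn = [], {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. "connection from pid=..." lines carry no request tag
        conn, request, msg = m.groups()
        s = SEARCH.search(msg)
        if s:
            rec = {"request": request, "filter": s.group(1), "total": None}
            searches.append(rec)
            open_by_conn[conn] = rec  # a connection may run several searches in turn
            continue
        e = END.search(msg)
        if e and conn in open_by_conn:
            open_by_conn.pop(conn)["total"] = int(e.group(1))
    return searches

def request_kinds(searches):
    """Distinct request kinds in order seen, e.g. 'passwd' or 'group/member'."""
    kinds = []
    for s in searches:
        kind = s["request"].split("=", 1)[0]
        if kind not in kinds:
            kinds.append(kind)
    return kinds

def empty_lookups(searches):
    """Searches that finished with zero results."""
    return [s for s in searches if s["total"] == 0]

if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(f'{s["request"]:22} total={s["total"]}  {s["filter"]}')
```

Running `getent group 10000` while capturing `nslcd -d` output and feeding it to `summarize()` shows whether a group-by-gid request reaches nslcd at all and which filter it carries.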