Re: cannot find name for group ID on all groups

[Tom Farrow <tom.farrow [at] first-utility.com>]

Hi Arthur,

Thank you very much for your help.

It was the objectSid. I'm far from familiar with LDAP so this little pointer was what was needed. I have one remaining question... but will raise another thread since it is unrelated.

Kind Regards

Tom

On 10 March 2018 at 19:45, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Fri, 2018-03-09 at 11:35 +0000, Tom Farrow wrote:
> map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
> map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-
> 30300820

Note that the value after objectSid needs to match the SID of your
domain as it is configured in AD. You can probably use ldapsearch to
find the correct value.

> You are right, the getend groupid fails, and the others succeed.
>
> RUnning nslcd -d in the foreground makes login fail

Can you provide the output of nslcd -d with "getent group
existinggroup" and "getent group existinggid"? Are the username and
userid lookps working as expected?

Kind regards,

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/