lists.arthurdejong.org

Re: NSS Protocol Sanity Check?


On CentOS 7 without nscd, `groups $user` and `id -nG $user` both send
GROUP_BYGID to nslcd.

With nscd running, nslcd sees GROUP_BYMEMBER queries from nscd.

This then seems like an issue with coreutils?

> The GROUP_BYGID call could be used to find the user's primary group
> name and GROUP_BYMEMBER is expected to find the groups the user is a
> member of.
>
> If you are running nslcd in debug mode, do you not see group/member
> requests coming by?

nslcd just sees the GROUP_BYGID

systemctl stop nslcd ; nslcd -d
nslcd: [495cff] DEBUG: connection from pid=17824 uid=0 gid=0
nslcd: [495cff] <passwd="patrick_haller"> DEBUG: myldap_search(base="dc=ofs,dc=edu,dc=sg", filter="(&(objectClass=posixAccount)(uid=patrick_haller))")
nslcd: [495cff] <passwd="patrick_haller"> DEBUG: ldap_result(): uid=patrick_haller,ou=people,dc=ofs,dc=edu,dc=sg
nslcd: [495cff] <passwd="patrick_haller"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e8944a] DEBUG: connection from pid=17824 uid=0 gid=0
nslcd: [e8944a] <passwd=39014> DEBUG: myldap_search(base="dc=ofs,dc=edu,dc=sg", filter="(&(objectClass=posixAccount)(uidNumber=39014))")
nslcd: [e8944a] <passwd=39014> DEBUG: ldap_result(): uid=patrick_haller,ou=people,dc=ofs,dc=edu,dc=sg
nslcd: [e8944a] <passwd=39014> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5558ec] DEBUG: connection from pid=17824 uid=0 gid=0
nslcd: [5558ec] <group=39014> DEBUG: myldap_search(base="dc=ofs,dc=edu,dc=sg", filter="(&(objectClass=posixGroup)(gidNumber=39014))")
nslcd: [5558ec] <group=39014> DEBUG: ldap_result(): cn=patrick_haller,ou=usergroups,dc=ofs,dc=edu,dc=sg
nslcd: [5558ec] <group=39014> DEBUG: ldap_result(): end of results (1 total)

> What does your /etc/nsswitch.conf look like?

grep ^group /etc/nsswitch.conf
group:      files ldap sss




Thanks!
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
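
Added example (not part of the original message and not nss-pam-ldapd code): a Python script that tallies which request types reach nslcd in `nslcd -d` output, so a capture like the one in the message can be checked for a group-by-GID lookup with no accompanying group/member lookup. The sample log lines are constructed, and the `group/member="..."` and `group="..."` tag forms are assumptions; only the `passwd=` and `group=<number>` forms appear in the message.

```python
import re
from collections import Counter

# Prefix of a request line in `nslcd -d` output: "nslcd: [session] <request> ..."
# "connection from" lines carry no <request> tag and are skipped.
LINE_RE = re.compile(r'^nslcd: \[(?P<sid>[0-9a-f]+)\] <(?P<req>[^>]*)> ')

# Request tag -> protocol action. The passwd= and group=<number> forms come from
# the log in the message; the group="name" and group/member="name" forms are
# ASSUMED tag formats, adjust them to what your nslcd version prints.
PATTERNS = [
    (re.compile(r'^passwd="[^"]*"$'), "PASSWD_BYNAME"),
    (re.compile(r'^passwd=\d+$'), "PASSWD_BYUID"),
    (re.compile(r'^group/member="[^"]*"$'), "GROUP_BYMEMBER"),
    (re.compile(r'^group="[^"]*"$'), "GROUP_BYNAME"),
    (re.compile(r'^group=\d+$'), "GROUP_BYGID"),
]

def classify(tag):
    """Map the <...> request tag of a log line to an action name."""
    for rx, action in PATTERNS:
        if rx.match(tag):
            return action
    return "OTHER"

def summarize(log_text):
    """Count actions, one per nslcd session id (a request logs several lines)."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen.setdefault(m.group("sid"), classify(m.group("req")))
    return Counter(seen.values())

def missing_member_lookup(log_text):
    """True when a primary-group lookup was seen but no membership lookup."""
    counts = summarize(log_text)
    return counts["GROUP_BYGID"] > 0 and counts["GROUP_BYMEMBER"] == 0

# Constructed sample modelled on the capture in the message (placeholder names).
SAMPLE = """\
nslcd: [aaa111] DEBUG: connection from pid=100 uid=0 gid=0
nslcd: [aaa111] <passwd="alice"> DEBUG: myldap_search(base="dc=example,dc=org")
nslcd: [aaa111] <passwd="alice"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [bbb222] <passwd=5000> DEBUG: myldap_search(base="dc=example,dc=org")
nslcd: [ccc333] <group=5000> DEBUG: myldap_search(base="dc=example,dc=org")
"""

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)), missing_member_lookup(SAMPLE))
```
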