RE: [nssldap] RV: Unix id command and Openldap
- From: <okossuth [at] antel.com.uy>
- To: <pwolfe [at] employease.com>
- Cc: <nssldap [at] padl.com>
- Subject: RE: [nssldap] RV: Unix id command and Openldap
- Date: Mon, 22 Dec 2008 18:14:27 -0200
Of course I have done that.
Any other ideas?
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original message-----
From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Patrick
Wolfe
Sent: Monday, December 22, 2008 5:04 PM
To: Kossuth Espinosa, Oskar
CC: nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap
The "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
servers. Make sure your /etc/nsswitch.conf says "passwd: files ldap"
and "group: files ldap", or else id won't be searching ldap for ids
and groups.
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 22, 2008, at 2:15 PM, <okossuth@antel.com.uy> wrote:
> Hi
>
>
>
> Does the id command work with a system using OPENLDAP
> authentication?
>
> I have implemented a server with openldap 2.3 and several clients
> use this system to authenticate users, and works fine except that
> when I do a "id user" on a client it only gives me the information
> of the primary group which the user belongs to and not of the
> supplementary groups that he is also a member of in the LDAP server...
>
> Any ideas??
>
> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
> client.
>
> thanks for your help
>
>
>
> Regards,
>
> Oskar Kossuth
> UNIX Administrator
> ANTEL Telecomunicaciones
>
>
> -----Original message-----
> From: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org
> [openldap-technical-bounces+okossuth=antel.com.uy [at] OpenLDAP.org]
> On behalf of Andrew Findlay
> Sent: Wednesday, December 17, 2008 2:00 PM
> To: Kossuth Espinosa, Oskar
> CC: openldap-technical@openldap.org; claus.kick@siemens.com
> Subject: Re: Unix id command and Openldap
>
> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@antel.com.uy wrote:
>
>> My problem is that I only see the primary group without the
>> supplementary ones, whenever the groups are stored in the LDAP if the
>> user is in the ldap server.
>
> This sounds more like an NSS problem than a purely OpenLDAP one,
> so you may get more help by posting to nssldap@padl.com.
>
> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
> and also the /etc/ldap.conf file (with passwords obscured).
>
> It would also be worth running slapd at debug level 768 and posting
> what gets logged when you run the 'id' command.
>
> Andrew
> --
> -----------------------------------------------------------------------
> | From Andrew Findlay, Skills 1st Ltd                                 |
> | Consultant in large-scale systems, networks, and directory services |
> | http://www.skills-1st.co.uk/                        +44 1628 782565 |
> -----------------------------------------------------------------------
>
> <ldap.conf><nsswitch.conf>
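
The /etc/nsswitch.conf check suggested in the reply above, as an added example that is not part of the original thread: it parses the file and reports whether lookups for `passwd` and `group` can reach the `ldap` source. It goes one step beyond the thread by also flagging a `[NOTFOUND=return]` action placed before `ldap`, which ends the lookup early; the sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample, not the nsswitch.conf attached to the thread.
# To check a real client, pass the contents of /etc/nsswitch.conf instead.
SAMPLE_NSSWITCH = """\
# constructed sample
passwd:  files ldap
group:   files [NOTFOUND=return] ldap   # ldap is listed but never consulted
shadow:  files
"""

def parse_nsswitch(text):
    """Map each database to its ordered tokens (sources and [STATUS=action] lists)."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        # A bracketed action list stays one token even if it contains spaces.
        databases[name.strip()] = re.findall(r"\[[^\]]*\]|\S+", rest)
    return databases

def ldap_status(tokens):
    """Return 'ok', 'blocked' or 'missing' for one database's lookup order."""
    for tok in tokens:
        if tok == "ldap":
            return "ok"
        if tok.startswith("["):
            actions = tok.strip("[]").lower().split()
            # NOTFOUND=return ends the lookup when the previous source has no entry,
            # so a later ldap source is never queried for LDAP-only users or groups.
            if "notfound=return" in actions:
                return "blocked"
    return "missing"

def check_id_sources(text):
    """Check the two databases named in the reply: passwd and group."""
    databases = parse_nsswitch(text)
    return {db: ldap_status(databases.get(db, [])) for db in ("passwd", "group")}

if __name__ == "__main__":
    for db, status in check_id_sources(SAMPLE_NSSWITCH).items():
        print(f"{db}: {status}")
```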