lists.arthurdejong.org

RE: [nssldap] RV: Unix id command and Openldap




I'm using SUSE Linux Enterprise Server 10 SP1.


Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: Patrick Wolfe [pwolfe [at] employease.com]
Sent: Monday, December 22, 2008 5:23 PM
To: Kossuth Espinosa, Oskar
CC: pwolfe@employease.com; nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap

Perhaps your installed "id" command doesn't support the nsswitch.conf
file and its associated library.  You might need to recompile it.
What distro and version of UNIX are you using?


--

Patrick Wolfe
ADP Employease
770-325-7724



On Dec 22, 2008, at 3:14 PM, <okossuth@antel.com.uy> wrote:

> Of course I have done that...
> Any other ideas?
>
> Regards,
>
> Oskar Kossuth
> UNIX Administrator
> ANTEL Telecomunicaciones
>
>
> -----Original Message-----
> From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Patrick Wolfe
> Sent: Monday, December 22, 2008 5:04 PM
> To: Kossuth Espinosa, Oskar
> CC: nssldap@padl.com
> Subject: Re: [nssldap] RV: Unix id command and Openldap
>
> The "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
> servers.  Make sure your /etc/nsswitch.conf says "passwd: files ldap"
> and "group: files ldap", or else id won't be searching ldap for ids
> and groups.
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 2:15 PM, <okossuth@antel.com.uy> wrote:
>
>> Hi
>>
>> Does the id command work with a system using OpenLDAP
>> authentication?
>>
>> I have implemented a server with OpenLDAP 2.3 and several clients
>> use this system to authenticate users, and it works fine except that
>> when I do an "id user" on a client it only gives me the information
>> of the primary group which the user belongs to and not of the
>> supplementary groups that he is also a member of in the LDAP server...
>>
>> Any ideas?
>>
>> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>> client.
>>
>> Thanks for your help
>>
>>
>>
>> Regards,
>>
>> Oskar Kossuth
>> UNIX Administrator
>> ANTEL Telecomunicaciones
>>
>>
>> -----Original Message-----
>> From: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org [openldap-technical-bounces+okossuth=antel.com.uy [at] OpenLDAP.org] On behalf of Andrew Findlay
>> Sent: Wednesday, December 17, 2008 2:00 PM
>> To: Kossuth Espinosa, Oskar
>> CC: openldap-technical@openldap.org; claus.kick@siemens.com
>> Subject: Re: Unix id command and Openldap
>>
>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@antel.com.uy wrote:
>>
>>> My problem is that I only see the primary group without the
>>> supplementary ones, whenever the groups are stored in the LDAP if the
>>> user is in the ldap server.
>>
>> This sounds more like an NSS problem than a purely OpenLDAP one,
>> so you may get more help by posting to nssldap@padl.com.
>>
>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>> and also the /etc/ldap.conf file (with passwords obscured).
>>
>> It would also be worth running slapd at debug level 768 and posting
>> what gets logged when you run the 'id' command.
>>
>> Andrew
>> -- 
>> -----------------------------------------------------------------------
>> |                 From Andrew Findlay, Skills 1st Ltd                 |
>> | Consultant in large-scale systems, networks, and directory services |
>> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
>> -----------------------------------------------------------------------
>>
>> <ldap.conf><nsswitch.conf>
>
>
>
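
The two checks suggested in this thread, as an added shell example that is not part of the original messages: it reads the `passwd` and `group` lines of /etc/nsswitch.conf and then lists groups in which `getent group` shows the user as a member but which `id` does not report. The function names are made up for this example, and it assumes `awk`, `getent` and `id` are available on the client.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh <this script> USER

# nss_sources DB [FILE]: print the sources configured for DB in nsswitch.conf.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "${2:-/etc/nsswitch.conf}"
}

# has_ldap DB [FILE]: succeed if "ldap" is one of the sources listed for DB.
has_ldap() {
    for src in $(nss_sources "$1" "$2"); do
        if [ "$src" = ldap ]; then return 0; fi
    done
    return 1
}

# groups_listing_member USER: read group(5)-format lines on stdin (the format
# "getent group" prints) and print each group whose member field names USER.
groups_listing_member() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }'
}

# missing_groups USER: groups that list USER as a member although
# "id -Gn USER" (the supplementary-group lookup) does not report them.
missing_groups() {
    have=" $(id -Gn "$1") "
    getent group | groups_listing_member "$1" | while read -r g; do
        case "$have" in *" $g "*) ;; *) echo "$g" ;; esac
    done
}

if [ -n "${1:-}" ]; then
    for db in passwd group; do
        has_ldap "$db" || echo "WARNING: $db does not list ldap: $(nss_sources "$db")"
    done
    missing_groups "$1"
fi
```

Any group name it prints is visible when groups are enumerated but missing from the list `id` builds for that user, which places the fault in the client's NSS group lookup rather than in the directory data.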