Re: [nssldap] RV: Unix id command and Openldap

[Patrick Wolfe <pwolfe [at] employease.com>]

I have one SLES 10 SP2 VM configured with ldap authentication, and the  
"id" command works just fine.  My /etc/nsswitch.conf "passwd" and  
"group" lines are set to "compat", not "files ldap".


--

Patrick Wolfe
ADP Employease
770-325-7724



On Dec 22, 2008, at 3:47 PM, <okossuth@antel.com.uy> wrote:

> I'm using suse linux enterprise server 10 SP1
>
>
> Saludos,
>
> Oskar Kossuth
> Administrador UNIX
> ANTEL Telecomunicaciones
>
>
> -----Mensaje original-----
> De: Patrick Wolfe [pwolfe [at] employease.com]
> Enviado el: Monday, December 22, 2008 5:23 PM
> Para: Kossuth Espinosa, Oskar
> CC: pwolfe@employease.com; nssldap@padl.com
> Asunto: Re: [nssldap] RV: Unix id command and Openldap
>
> perhaps your installed "id" command doesn't support the nsswitch.conf
> file and it's associated library.  You might need to recompile it.
> What distro and version of UNIX are you using?
>
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 3:14 PM, <okossuth@antel.com.uy> wrote:
>
> > of course I have done that..
> > any other ideas?
> >
> > Saludos,
> >
> > Oskar Kossuth
> > Administrador UNIX
> > ANTEL Telecomunicaciones
> >
> >
> > -----Mensaje original-----
> > De: owner-nssldap@padl.com [owner-nssldap [at] padl.com] En nombre
> > de Patrick Wolfe
> > Enviado el: Monday, December 22, 2008 5:04 PM
> > Para: Kossuth Espinosa, Oskar
> > CC: nssldap@padl.com
> > Asunto: Re: [nssldap] RV: Unix id command and Openldap
> >
> > the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
> > servers.  Make sure your /etc/nsswitch.conf says "passwd: files ldap"
> > and "group: files ldap", or else id won't be searching ldap for ids
> > and groups.
> >
> > --
> >
> > Patrick Wolfe
> > ADP Employease
> > 770-325-7724
> >
> >
> >
> > On Dec 22, 2008, at 2:15 PM, <okossuth@antel.com.uy> wrote:
> >
> > > Hi
> > >
> > >
> > >
> > > Does the id command works with a system using OPENLDAP
> > > authentication ?
> > >
> > > I have implemented a server with openldap 2.3 and several clients
> > > use this system to authenticate
> > >
> > > users, and works fine except that when I do a "id user" on a client
> > > it only gives me the information of the primary
> > >
> > > group which the user belongs to and not of the suplementary groups
> > > that he is also a member of in the LDAP server...
> > >
> > > any ideas??
> > >
> > > im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
> > > client.
> > >
> > > thanks for your help
> > >
> > >
> > >
> > > Saludos,
> > >
> > > Oskar Kossuth
> > > Administrador UNIX
> > > ANTEL Telecomunicaciones
> > >
> > >
> > > -----Mensaje original-----
> > > De: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org 
> > > [openldap-technical-bounces+okossuth=antel.com.uy [at] OpenLDAP.org
> > > ] En nombre de Andrew Findlay
> > > Enviado el: Wednesday, December 17, 2008 2:00 PM
> > > Para: Kossuth Espinosa, Oskar
> > > CC: openldap-technical@openldap.org; claus.kick@siemens.com
> > > Asunto: Re: Unix id command and Openldap
> > >
> > > On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@antel.com.uy
> > > wrote:
> > >
> > > > My problem is that I only see the primary group without the
> > > > supplementary ones, whenever the groups are stored in the LDAP if
> > > > the
> > > > user is in the ldap server.
> > >
> > > This sounds more like an NSS problem than a purely OpenLDAP one,
> > > so you may get more help by posting to nssldap@padl.com.
> > >
> > > Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
> > > and also the /etc/ldap.conf file (with passwords obscured).
> > >
> > > It would also be worth running slapd at debug level 768 and posting
> > > what gets logged when you run the 'id' command.
> > >
> > > Andrew
> > > --
> > > -----------------------------------------------------------------------
> > > |                 From Andrew Findlay, Skills 1st
> > > Ltd                 |
> > > | Consultant in large-scale systems, networks, and directory
> > > services |
> > > |     http://www.skills-1st.co.uk/                +44 1628
> > > 782565     |
> > > -----------------------------------------------------------------------
> > >
> > > El   presente  correo   y   cualquier    posible   archivo
> > > adjunto  está
> > > dirigido  únicamente  al destinatario  del  mensaje y contiene
> > > información
> > > que  puede ser  confidencial.  Si  Ud. no es el destinatario
> > > correcto por
> > > favor notifique al remitente respondiendo  anexando este mensaje y
> > > elimine
> > > inmediatamente   el e-mail y los posibles archivos adjuntos al mismo
> > > de su
> > > sistema. Está  prohibida  cualquier utilización,  difusión o copia
> > > de este
> > > e-mail por   cualquier  persona  o  entidad  que  no  sean las
> > > específicas
> > > destinatarias del  mensaje.  ANTEL  no acepta  ninguna
> > > responsabilidad con
> > > respecto  a cualquier  comunicación  que  haya sido  emitida
> > > incumpliendo
> > > nuestra Política de Seguridad de la Información.
> > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > > This e-mail and any attachment is confidential and is  intended
> > > solely for
> > > the addressee(s).  If you are not  intended  recipient  please
> > > inform the
> > > sender immediately,  answering  this  e-mail and  delete it as well
> > > as the
> > > attached files. Any use, circulation or copy of this e-mail by  any
> > > person
> > > or entity that is not the specific  addressee(s)  is prohibited.
> > > ANTEL is
> > > not  responsible  for  any  communication  emitted  without
> > > respecting our
> > > Information Security Policy.
> > > <ldap.conf><nsswitch.conf>