RE: [nssldap] RV: Unix id command and Openldap
- From: <okossuth [at] antel.com.uy>
- To: <smt [at] vgersoft.com>, <nssldap [at] padl.com>
- Subject: RE: [nssldap] RV: Unix id command and Openldap
- Date: Tue, 23 Dec 2008 12:52:07 -0200
Hi guys
getent passwd and getent group work fine; I get the list of users and groups of
the LDAP server. getent group only shows me LDAP groups without users belonging
to those groups,
like the group mysql, defined only in the LDAP server:
mysql:*:4620:
My only problem is getting the secondary groups via id or groups.
Starting the ldap server with debugging I saw a possible cause:
conn=50 op=0 BIND dn="" method=128
conn=50 op=0 RESULT tag=97 err=0 text=
conn=50 op=1 SRCH
base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
scope=2 deref=0 filter="(&(objectClass=posixGroup))"
conn=50 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
conn=50 op=1 ENTRY
dn="cn=jbossgrp,ou=grupos,ou=teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
It seems that when I do an id -a jbosstest (a user that is defined in the LDAP
server),
it searches the ou=Grupos where the groups are defined, but it only uses the
filter="(&(objectClass=posixGroup))".
Is that the problem?
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Steve
Thompson
Sent: Monday, December 22, 2008 7:39 PM
To: nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap
On Mon, 22 Dec 2008, Patrick Wolfe wrote:
> I have one SLES 10 SP2 VM configured with ldap authentication, and the "id"
> command works just fine. My /etc/nsswitch.conf "passwd" and "group" lines
> are set to "compat", not "files ldap".
If you are using "compat", then the "+:..." lines in /etc/passwd and
/etc/group are appropriate (they are what signal the lookup in LDAP for
the compat method). If you're using "files ldap" then you don't need the
"+..." lines.
For the OP, what do "getent passwd" and "getent group" return?
Steve
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
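An added example, not part of the original messages: a small Python parser for slapd search log lines like those quoted above. It pairs each SRCH record with its attr line and reports whether a posixGroup search filters on a member attribute or enumerates every group. The sample log, the base DN and the user name jdoe are constructed.

```python
import re

# Constructed sample in slapd stats-log form, one record per line.
# The base DN and the user "jdoe" are placeholders, not values from the thread.
SAMPLE_LOG = '''\
conn=50 op=0 BIND dn="" method=128
conn=50 op=0 RESULT tag=97 err=0 text=
conn=50 op=1 SRCH base="ou=Groups,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup))"
conn=50 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
conn=51 op=1 SRCH base="ou=Groups,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
conn=51 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
'''

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH (.*)')
FIELD_RE = re.compile(r'(base|filter)="([^"]*)"|scope=(\d+)')
MEMBER_RE = re.compile(r'\((memberUid|uniqueMember|member)=([^)]*)\)', re.I)


def parse_searches(log_text):
    """Merge the SRCH line and the SRCH attr= line of each operation."""
    searches = {}
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if not m:
            continue  # BIND, RESULT, ENTRY and other records are skipped
        rec = searches.setdefault((int(m.group(1)), int(m.group(2))), {"attrs": []})
        rest = m.group(3)
        if rest.startswith("attr="):
            rec["attrs"] = rest[len("attr="):].split()
        else:
            for name, val, scope in FIELD_RE.findall(rest):
                if name:
                    rec[name] = val
                else:
                    rec["scope"] = int(scope)
    return searches


def classify(rec):
    """Return (kind, member): 'membership' if the group filter names a member."""
    flt = rec.get("filter", "")
    if "posixgroup" not in flt.lower():
        return ("other", None)
    m = MEMBER_RE.search(flt)
    if m and m.group(2) != "*":
        return ("membership", m.group(2))
    return ("enumeration", None)


if __name__ == "__main__":
    for key, rec in parse_searches(SAMPLE_LOG).items():
        print(key, rec.get("base"), rec.get("filter"), classify(rec))
```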