
RE: [nssldap] RV: Unix id command and Openldap


Hi guys

getent passwd and getent group work fine, I get the list of users and groups of
the ldap server. getent group only shows me ldap groups without users belonging
to those groups, like the group mysql defined only in the ldap server:

mysql:*:4620:

My only problem is getting the secondary groups via id or groups.
Starting the ldap server with debugging I saw a possible cause:

conn=50 op=0 BIND dn="" method=128
conn=50 op=0 RESULT tag=97 err=0 text=
conn=50 op=1 SRCH base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" scope=2 deref=0 filter="(&(objectClass=posixGroup))"
conn=50 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
conn=50 op=1 ENTRY dn="cn=jbossgrp,ou=grupos,ou=teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"

It seems that when I do an id -a jbosstest (a user that is defined in the ldap
server) it searches the ou=Grupos where the groups are defined, but it only uses
the filter="(&(objectClass=posixGroup))".
Is that the problem???

Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On behalf of Steve Thompson
Sent: Monday, December 22, 2008 7:39 PM
To: nssldap@padl.com
Subject: Re: [nssldap] RV: Unix id command and Openldap

On Mon, 22 Dec 2008, Patrick Wolfe wrote:

> I have one SLES 10 SP2 VM configured with ldap authentication, and the "id" 
> command works just fine.  My /etc/nsswitch.conf "passwd" and "group" lines 
> are set to "compat", not "files ldap".

If you are using "compat", then the "+:..." lines in /etc/passwd and 
/etc/group are appropriate (they are what signal the lookup in LDAP for 
the compat method). If you're using "files ldap" then you don't need the 
"+..." lines.

For the OP, what do "getent passwd" and "getent group" return?

Steve
----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
   "186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------

This e-mail and any attachment is confidential and is  intended solely for 
the addressee(s).  If you are not  intended  recipient  please  inform the 
sender immediately,  answering  this  e-mail and  delete it as well as the 
attached files. Any use, circulation or copy of this e-mail by  any person 
or entity that is not the specific  addressee(s)  is prohibited.  ANTEL is 
not  responsible  for  any  communication  emitted  without respecting our
Information Security Policy.