RE: [nssldap] RV: Unix id command and Openldap
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
RE: [nssldap] RV: Unix id command and Openldap
- From: <okossuth [at] antel.com.uy>
- To: <morgan [at] orst.edu>
- Cc: <smt [at] vgersoft.com>, <nssldap [at] padl.com>
- Subject: RE: [nssldap] RV: Unix id command and Openldap
- Date: Tue, 23 Dec 2008 17:23:13 -0200
It is not supposed to use a filter like this:
(&(objectclass=posixgroup)(uniquemember=cn=jbosstest,
ou=Usuarios,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy))
uniquemember or memberUid or member could be used for secondary groups right?
Saludos,
Oskar Kossuth
Administrador UNIX
ANTEL Telecomunicaciones
-----Mensaje original-----
De: Andrew Morgan [morgan [at] orst.edu]
Enviado el: Tuesday, December 23, 2008 2:26 PM
Para: Kossuth Espinosa, Oskar
CC: smt@vgersoft.com; nssldap@padl.com
Asunto: RE: [nssldap] RV: Unix id command and Openldap
On Tue, 23 Dec 2008, okossuth@antel.com.uy wrote:
> Hi guys
>
> getent passwd and getent group work fine, I get the list of users and groups
> of the ldap server. getent group only shows me ldap groups without users
> belonging to those groups
> like the group mysql defined only in the ldap server:
>
> mysql:*:4620:
>
> My only problem is getting the secondary groups via id or groups.
> Starting the ldap server with debugging I saw a possible cause:
>
> conn=50 op=0 BIND dn="" method=128
> conn=50 op=0 RESULT tag=97 err=0 text=
> conn=50 op=1 SRCH
> base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
> scope=2 deref=0 filter="(&(objectClass=posixGroup))"
> conn=50 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
> conn=50 op=1 ENTRY
> dn="cn=jbossgrp,ou=grupos,ou=teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
>
> it seems that when i do a id -a jbosstest ( a user that is defined in the
> ldap server)
> it searchs the ou=Grupos where the groups are defined but it only uses the
> filter ="(&(objectClass=posixGroup))"..
> is that the problem???
Which objectclass are you expecting it to use? posixGroup is the standard
objectclass for these groups.
Andy
El presente correo y cualquier posible archivo adjunto está
dirigido únicamente al destinatario del mensaje y contiene información
que puede ser confidencial. Si Ud. no es el destinatario correcto por
favor notifique al remitente respondiendo anexando este mensaje y elimine
inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su
sistema. Está prohibida cualquier utilización, difusión o copia de este
e-mail por cualquier persona o entidad que no sean las específicas
destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con
respecto a cualquier comunicación que haya sido emitida incumpliendo
nuestra Política de Seguridad de la Información.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This e-mail and any attachment is confidential and is intended solely for
the addressee(s). If you are not intended recipient please inform the
sender immediately, answering this e-mail and delete it as well as the
attached files. Any use, circulation or copy of this e-mail by any person
or entity that is not the specific addressee(s) is prohibited. ANTEL is
not responsible for any communication emitted without respecting our
Information Security Policy.