
RE: [nssldap] RV: Unix id command and Openldap




It is not supposed to use a filter like this:

(&(objectclass=posixgroup)(uniquemember=cn=jbosstest, 
ou=Usuarios,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy))

uniquemember or memberUid or member could be used for secondary groups, right?

Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: Andrew Morgan [morgan [at] orst.edu]
Sent: Tuesday, December 23, 2008 2:26 PM
To: Kossuth Espinosa, Oskar
CC: smt@vgersoft.com; nssldap@padl.com
Subject: RE: [nssldap] RV: Unix id command and Openldap

On Tue, 23 Dec 2008, okossuth@antel.com.uy wrote:

> Hi guys
>
> getent passwd and getent group work fine, I get the list of users and groups 
> of the ldap server. getent group only shows me ldap groups without users 
> belonging to those groups
> like the group mysql defined only in the ldap server:
>
> mysql:*:4620:
>
> My only problem is getting the secondary groups via id or groups.
> Starting the ldap server with debugging I saw a possible cause:
>
> conn=50 op=0 BIND dn="" method=128
> conn=50 op=0 RESULT tag=97 err=0 text=
> conn=50 op=1 SRCH 
> base="ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" 
> scope=2 deref=0 filter="(&(objectClass=posixGroup))"
> conn=50 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
> conn=50 op=1 ENTRY 
> dn="cn=jbossgrp,ou=grupos,ou=teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
>
> It seems that when I do an id -a jbosstest (a user that is defined in the
> ldap server)
> it searches the ou=Grupos where the groups are defined but it only uses the
> filter="(&(objectClass=posixGroup))"..
> is that the problem???

Which objectclass are you expecting it to use?  posixGroup is the standard 
objectclass for these groups.

        Andy
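
Added example, not part of the original thread and not nss_ldap code: Python that builds a group filter of the kind asked about above (matching the user by memberUid or by uniqueMember, with RFC 4515 escaping of both values) and applies the same match to group entries offline. The helper names, the "ops" group, the memberships and the gidNumber values other than 4620 are assumptions made for the example.

```python
import re

# DN and group names are taken from the thread; memberships and the
# gidNumber values other than 4620 are constructed sample data.
SUFFIX = "dc=vmlx-ldapauth-test,dc=in.iantel.com.uy"
USER_DN = "cn=jbosstest, ou=Usuarios,ou=Teleinformatica," + SUFFIX
GROUPS = [
    {"cn": "jbossgrp", "gidNumber": 5000, "memberUid": [],
     "uniqueMember": ["CN=jbosstest,OU=Usuarios,OU=Teleinformatica," + SUFFIX]},
    {"cn": "mysql", "gidNumber": 4620, "memberUid": [], "uniqueMember": []},
    {"cn": "ops", "gidNumber": 5001, "memberUid": ["jbosstest"],
     "uniqueMember": []},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(uid, user_dn):
    """Filter for posixGroup entries that list the user by uid or by DN."""
    return "(&(objectClass=posixGroup)(|(memberUid=%s)(uniqueMember=%s)))" % (
        escape_filter_value(uid), escape_filter_value(user_dn))


def normalize_dn(dn):
    """Simplified DN comparison key: case-folded, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def secondary_groups(uid, user_dn, groups):
    """Apply the same match offline; memberUid is compared case-sensitively."""
    wanted = normalize_dn(user_dn)
    return sorted(
        (g["cn"], g["gidNumber"]) for g in groups
        if uid in g["memberUid"]
        or wanted in (normalize_dn(m) for m in g["uniqueMember"]))


if __name__ == "__main__":
    print(membership_filter("jbosstest", USER_DN))
    print(secondary_groups("jbosstest", USER_DN, GROUPS))
```

The printed filter can be passed to ldapsearch against the group base to check which entries the directory returns for the user.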
