Do you have an ACL allowing access to ou=groups
like
access to dn.one="ou=groups,dc=test,dc=net" by * read?
 
Cheers,
Claus


Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Justin Lintz
Gesendet: Dienstag, 3. Februar 2009 18:03
An: openldap-technical@openldap.org
Betreff: multiple groups not showing up in "groups" cmd

Hi,
I've configured a user to be a member of another posixGroup as so...

dn: cn=dev2,ou=groups,dc=test,dc=net
cn: dev2
gidNumber: 1003
objectClass: posixGroup
objectClass: top
memberUid: dave

The users info:
dn: cn=David FooBar,ou=people,dc=test,dc=net
givenName: David
sn: FooBar
cn: David FooBar
uid: dave
userPassword::
uidNumber: 1009
gidNumber: 1004
homeDirectory: /home/dave
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top

If I log into a server with the users account, it shows him properly a member of gid 1004, but does not list his seconday group of dev2.

My /etc/ldap.conf file is

base dc=test,dc=net
binddn cn=Manager,dc=test,dc=net
bindpw
timelimit 15
bind_timelimit 15
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
pam_filter objectclass=posixaccount
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=test,dc=net?one
nss_base_shadow ou=People,dc=test,dc=net?one
nss_base_group          ou=Groups,dc=test,dc=net?one
uri ldaps://prodldap01/ ldaps://prodldap02/
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer no
pam_password md5

I also tried changing the value of memberUid to the DN of the user, but that did not work as well.  Any suggestions are appreciated.  Thanks




- Justin Lintz