Re: Group values not returned with "id" command

Justin Edmands wrote: > Hey, > Certainly new to migrations of LDAP. I migrated our old setup from > OpenLDAP to > 389 Directory Server. When using the "id" command on an LDAP client, it > only > returns uid,gid, and one group. It for some reason does not show all of > the > actual groups that the user is associated with. What is set to return > these > values and what setting ensures they are properly mapped from OpenLDAP to > 389DS? > > ### OpenLDAP example: ### > > [root openldapclient ~]# id jedmands > uid=9999(jedmands) gid=100(users) > groups=100(users),5000(**manager),5001(linuxadmin),** > 5002(storageadmin),5003(**dbadmin),5004(webadmin),5006(**it) > > ### 389 DS Example: ### > > [root 389dsclient ~]# id jedmands > uid=9999(jedmands) gid=100(users) groups=100(users) > > Notes: > Posted this to the 389-users list, nothing received. > We are using the memberOf plugin for 389DS. > I don't know too much about the openldap environment. I moved to CentOS 6 > and > figured DS was the way to go with SSL/TLS > I'm pretty sure you figured wrong. OpenLDAP actually works, implements the LDAP RFCs correctly, and outperforms all other LDAP servers. Compared to 389DS, OpenLDAP bulk-loads data 2x faster, uses 10% less space on disk, answers search queries 4x faster, and uses 50% less RAM to do it. (Also answers Binds 6x faster, and performs updates 11x faster.) 389DS is a hulking pile of obsolete code; the only reason it still exists today is because RedHat has support contracts for RedHatDS from customers too ignorant to realize how bad the product they've paid for actually is. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/**project/<http://www.openldap.org/project/>