On 26/10, Giovanni Biscuolo wrote:
Dear Dieter, thank you so much!
- Dieter Klünter [2016-10-26 15:07:13 +0200]:
[...]
memberUid:: IGFyaWFubmE=
[...]
also, on a client machine configured to use libnss-ldapd, if I list the groups with "sudo getent group" I can see the "clear text" members (e.g. firstuser in the example above) but not the "hashed" one; the same using the "members" command
to be a little more clear: "getent group" does not show the base64 encoded users (aka listed as "memberUid:: ..." in LDIF)
on the other side, "groups <user>" correctly lists all the groups the user is a member of, despite the base64 encoding of its memberUid attribute
this way - fortunately - all the permissions and ACLs on the client machines are working fine, but superusers cannot get a list of group members with canonical tools like getent
I have to find a solution to list groups and members... I'm lazy and I'd like to avoid manually fixing all the attributes
That sounds more like it's just not enumerating the users properly. First of all, which version of nss_ldap are you using, and could you post your config? There's for example a bug in 265 where there are missing entries when `nss_connect_policy` is set to `oneshot`, but some distros have patched it.
(Though I'd also recommend switching to nss-pam-ldapd instead, which is actually maintained.)
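
Added example, not part of the original thread: a Python script that scans an LDIF export for base64-encoded `memberUid` values (the `memberUid::` form quoted above), decodes them, and reports which RFC 2849 rule forced the encoding, so the affected entries can be found without checking each attribute by hand. The sample LDIF is constructed; only the `IGFyaWFubmE=` value and the name `firstuser` come from the thread, and the DN and the second encoded value are assumptions.

```python
import base64

# Constructed sample LDIF; only the IGFyaWFubmE= value comes from the thread.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 5000
memberUid: firstuser
memberUid:: IGFyaWFubmE=
memberUid:: Z2l1bGlhIA==
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def reasons(value):
    """Why RFC 2849 requires (or recommends) base64 for this value."""
    why = []
    if value[:1] in (b" ", b":", b"<"):
        why.append("unsafe first character")
    if value.endswith(b" "):
        why.append("trailing space")
    if any(b > 127 or b in (0, 10, 13) for b in value):
        why.append("non-ASCII or NUL/CR/LF byte")
    return why

def find_encoded_members(ldif_text, attr="memberUid"):
    """Return (dn, decoded bytes, reasons) for each base64-encoded value."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith(attr.lower() + "::"):
            value = base64.b64decode(line.split("::", 1)[1].strip())
            findings.append((dn, value, reasons(value)))
    return findings

if __name__ == "__main__":
    for dn, value, why in find_encoded_members(SAMPLE_LDIF):
        print(f"{dn}: {value!r} -> {', '.join(why) or 'no obvious reason'}")
```

For the value quoted in the thread, the script prints `b' arianna'` with the reason "unsafe first character": the stored value begins with a space, which is why LDIF output shows it base64-encoded.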