Hey,
I'm setting up a small network with LDAP and I'm running into a little trouble.
The OpenLDAP server is on a SUSE Linux box and the clients are on Solaris 10. Currently I'm trying to configure user authentication and group memberships. So far I have the authentication working. Users can log in on any of the Solaris workstations. However, when these users log in, they are not part of the correct groups. The only group that user is a member of is their default group. But when that user logs in on the Linux server, things work just great and they're members of all the correct groups.
For example: USER1 is part of groups AAA, BBB, and CCC with their default group as BBB. When this user logs into the Linux server and performs the 'groups' command, it will show this user is part of all three groups AAA, BBB, and CCC. However, when this user logs into the Solaris client and performs the 'groups' command, they're only a member of the BBB group.
The /etc/nsswitch.conf on the Solaris machine is configured like:
passwd: files ldap
group: files ldap
host: files
ipnodes: files
netgroup: etc...
The /var/ldap/ldap_client_file on the Solaris machine is configured like:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 12.12.74.122
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=edu
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
Here is an ldapsearch command and the results:
ldapsearch -b "dc=mydomain,dc=edu" -h server1 "(objectclass=groupofnames)"
dn: cn=AAA,ou=group,dc=mydomain,dc=edu
cn: AAA
gidNumber: 601
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn: cn=BBB,ou=group,dc=mydomain,dc=edu
cn: BBB
gidNumber: 602
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn: cn=CCC,ou=group,dc=mydomain,dc=edu
cn: CCC
gidNumber: 603
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
member: uid=USER4,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

This has been a really weird problem. The default groups are getting properly set but none of the other memberships are working. I've not found any help online and I'm pulling my hair out!
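
An added example, not part of the original post: a small check that compares two ways a client can resolve supplementary groups from entries like the ones above, by `memberUid` values (RFC 2307 style) or by `member` DNs (groupOfNames style). It assumes the Solaris 10 client performs the `memberUid` style lookup, which the post does not state; the function names are hypothetical and the LDIF is abridged from the post's output.

```python
# Constructed sample: group entries abridged from the post's ldapsearch output.
LDIF = """\
dn: cn=AAA,ou=group,dc=mydomain,dc=edu
cn: AAA
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu

dn: cn=BBB,ou=group,dc=mydomain,dc=edu
cn: BBB
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu

dn: cn=CCC,ou=group,dc=mydomain,dc=edu
cn: CCC
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER4,ou=people,dc=mydomain,dc=edu
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 or folded lines) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def groups_by_memberuid(uid, entries):
    """RFC 2307 style lookup (assumed client behaviour): groups with memberUid: <uid>."""
    return sorted(e["cn"][0] for e in entries if uid in e.get("memberuid", []))

def groups_by_member_dn(uid, entries):
    """groupOfNames style lookup: groups whose member DN starts with uid=<uid>."""
    rdn = "uid=" + uid.lower()
    return sorted(e["cn"][0] for e in entries
                  if any(dn.split(",")[0].lower() == rdn for dn in e.get("member", [])))

def invisible_to_memberuid_client(uid, entries):
    """Groups a memberUid-only client would miss for this user."""
    return sorted(set(groups_by_member_dn(uid, entries)) - set(groups_by_memberuid(uid, entries)))

if __name__ == "__main__":
    print(invisible_to_memberuid_client("USER1", parse_ldif(LDIF)))
```

The primary group is taken from the user's own gidNumber rather than from these group entries, so it resolves under either lookup style.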