Thanks for your reply, Claus.
My problem is that I only see the primary group without the supplementary ones, whenever the groups are stored in the LDAP if the user is in the LDAP server.
If the user is local (defined in /etc/passwd), I can see the primary group and supplementary groups without a problem (these groups are local also)... I have some groups stored only on the LDAP server, and others locally. For example:
The jbosstest user is defined in the LDAP server only, and is a member of the groups ldaptest and mysql (also defined only on the LDAP server). When I use the command id I get:
# id jbosstest
uid=7000(jbosstest) gid=7002(ldaptest) groups=7002(ldaptest)
id never shows me the supplementary group mysql...
Any ideas?
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones

-----Original Message-----
From: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org [mailto:openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org] On behalf of Kick, Claus
Sent: Wednesday, December 17, 2008 4:56 AM
To: openldap-technical@openldap.org
Subject: AW: Unix id command and Openldap

Hello Oskar,
> Hi. Does the id command work with a system using OPENLDAP authentication?
Yes.
> I have implemented a server with openldap 2.4 and several clients use
> this system to authenticate users, and it works fine except that when I do
> an "id user" on a client it only gives me the information of the primary
> group which the user belongs to and not of the supplementary groups that
> he is also a member of in the LDAP server...
So you mean you only see OS-groups when using "id"?
> any ideas??
It appears as if an ACL is not set properly. How/Where are your groups stored in the ldap backend?