Hello,
this is an example of our group structure which serves fine for our Solaris servers:
gidNumber: 456454
memberUid: USER1
objectClass: posixGroup
objectClass: top
cn: mygroup
I think the problem is that you are using objectClass: groupofnames with the member attribute.
Best Regards,
Claus
________________________________
From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] On Behalf Of Doug Grantham
Sent: Thursday, 12 June 2008 15:45
To: openldap-technical@openldap.org
Subject: LDAP group memberships not working
Hey,
I'm setting up a small network with LDAP and I'm running into a little trouble.
The OpenLDAP server is on a SUSE Linux box and the clients are on Solaris 10. Currently I'm trying to configure user authentication and group memberships. So far I have the authentication working. Users can log in on any of the Solaris workstations. However, when these users log in, they are not part of the correct groups. The only group that user is a member of is their default group. But when that user logs in on the Linux server, things work just great and they're members of all the correct groups.
For example: USER1 is part of groups AAA, BBB, and CCC with their default group as BBB. When this user logs into the Linux server and performs the 'groups' command, it will show this user is part of all three groups AAA, BBB, and CCC. However, when this user logs into the Solaris client and performs the 'groups' command, they're only a member of the BBB group.
The /etc/nsswitch.conf on the Solaris machine is configured like:
passwd: files ldap
group: files ldap
host: files
ipnodes: files
netgroup: etc...
The /var/ldap/ldap_client_file on the Solaris machine is configured like:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 12.12.74.122
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=edu
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
Here is an ldapsearch command and the results:
ldapsearch -b "dc=mydomain,dc=edu" -h server1 "(objectclass=groupofnames)"
dn: cn=AAA,ou=group,dc=mydomain,dc=edu
cn: AAA
gidNumber: 601
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn: cn=BBB,ou=group,dc=mydomain,dc=edu
cn: BBB
gidNumber: 602
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn: cn=CCC,ou=group,dc=mydomain,dc=edu
cn: CCC
gidNumber: 603
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
member: uid=USER4,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames
This has been a really weird problem. The default groups are getting properly set but none of the other memberships are working. I've not found any help online and I'm pulling my hair out!
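
Added example, not part of either message in this thread: a small Python audit that follows the suggestion in the reply at the top (memberUid on posixGroup entries rather than member DNs). It reads LDIF and lists, per posixGroup, the uids named only through member DNs. The sample LDIF is constructed from the entries quoted above (trimmed, with one memberUid added to BBB to show a partial case), and all function names are hypothetical.

```python
# Constructed sample, trimmed from the thread's entries; BBB's memberUid is an added assumption.
SAMPLE_LDIF = """\
dn: cn=AAA,ou=group,dc=mydomain,dc=edu
cn: AAA
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
objectClass: posixGroup

dn: cn=BBB,ou=group,dc=mydomain,dc=edu
cn: BBB
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
memberUid: USER1
objectClass: posixGroup
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def uid_from_dn(dn):
    """Return the uid value when the leftmost RDN is uid=..., else None."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if key.strip().lower() == "uid" and value else None

def missing_member_uids(entry):
    """uids named by member DNs but absent from memberUid."""
    have = set(entry.get("memberuid", []))
    uids = (uid_from_dn(dn) for dn in entry.get("member", []))
    return [u for u in uids if u and u not in have]

def audit(text):
    """Map each posixGroup cn to the memberUid values it would need added."""
    report = {}
    for e in parse_ldif(text):
        if "posixgroup" in (v.lower() for v in e.get("objectclass", [])):
            report[e["cn"][0]] = missing_member_uids(e)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

The parser handles only plain `attr: value` lines, so folded or base64-encoded (`attr:: ...`) values in a real export need a full LDIF reader before this check is applied.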