Dear all,

now I've understood the meaning of "memberUid::" attributes: stupid me, I
was not able to sort this out by myself and contributed generating more
noise on this list

**thank you very much** to the ones that helped me understand this

now that all things are clear, **please consider this solved** :-)

I'm not going to reply to any further message in this thread unless they
bring something new or interesting on the topic

for those who are interested in details about the last messages I read
in this thread, below are my *last* comments

ciao
Giovanni

* Johannes Löthberg [2016-10-27 14:32:05 +0200]:

> On 26/10, Giovanni Biscuolo wrote:

[...]

> >to be a little more clear: "getent group" does not show the base64 encoded
> >users (aka listed as "memberUid:: ..." in LDIF)
> >
> >on the other side, "groups <user>" correctly lists all the groups the user
> >is member of, despite the base64 encoding of its memberUid attribute

[...]

> First of all, which version of nss_ldap are you using,

the one from libnss-ldapd ver. 0.8.13-3ubuntu1

> and could you post your config?

no thanks, it would not add useful info (believe me, it's pretty
default)

> (Though I'd also recommend switching to nss-pam-ldapd instead, which
> is actually maintained.)

I agree :-)

* Michael Ströder [2016-10-27 16:06:04 +0200]:

[...]

> IGFyaWFubmE= is simply ' arianna' with space as first character (hence the
> base64-encoding of the attribute value in the LDIF output).

OK thank you, now it's pretty clear that it's a base64 encoded
memberUid value, it's encoded because the user name has one leading
space [1]

> No wonder why the
> group membership of user arianna is not correct. It must match exactly.
> Computers are like that.

believe me or not: "groups arianna" returns me a complete list of
groups for arianna, including the ones in which arianna is enumerated as
a base64 memberUid attribute value (with one leading space)

same story for unix permissions and nfsv4 ACLs (and CIFS via SAMBA via
nfsv4 too)

> => fix the attribute value

no thanks: they are too many **and** group membership (so permissions
too) are working fine in my infrastructure

I've also managed to write a simple ldapsearch wrapper script to list
the members of specific (or all) groups

ciao a tutti
Giovanni

[1] still not clear to me what tool (sure it was not manually done) did
that, but this is OT **for sure**

--
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/
**per favore** Quota Bene:
http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
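
Added example, not part of the original message and not the poster's ldapsearch wrapper: a small Python audit that reads LDIF text, decodes `memberUid::` (base64) values and reports the ones carrying leading or trailing whitespace, which is what forces the base64 form discussed in the thread. The sample LDIF, its DNs and the function names are constructed for illustration; only the value `IGFyaWFubmE=` comes from the thread.

```python
import base64

# Constructed sample LDIF (not data from the thread). The base64 value is the
# one quoted in the thread; it decodes to ' arianna' with a leading space.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
memberUid: giovanni
memberUid:: IGFyaWFubmE=

dn: cn=ops,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: ops
memberUid: arianna
"""


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def padded_member_uids(text):
    """Return (dn, value) pairs whose memberUid has leading/trailing whitespace."""
    findings, dn = [], None
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:  # "attr: value" form; the separator spaces are not part of the value
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "memberuid" and value != value.strip():
            findings.append((dn, value))
    return findings


if __name__ == "__main__":
    for dn, value in padded_member_uids(SAMPLE_LDIF):
        print(f"{dn}: memberUid {value!r} (stripped: {value.strip()!r})")
```
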