Hi, I've configured a user to be a member of another posixGroup as so...
dn: cn=dev2,ou=groups,dc=test,dc=net
cn: dev2
gidNumber: 1003
objectClass: posixGroup
objectClass: top
memberUid: dave

The user's info:

dn: cn=David FooBar,ou=people,dc=test,dc=net
givenName: David
sn: FooBar
cn: David FooBar
uid: dave
userPassword::
uidNumber: 1009
gidNumber: 1004
homeDirectory: /home/dave
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
If I log into a server with the user's account, it shows him properly as a member of gid 1004, but does not list his secondary group of dev2.

My /etc/ldap.conf file is:

base dc=test,dc=net
binddn cn=Manager,dc=test,dc=net
bindpw
timelimit 15
bind_timelimit 15
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
pam_filter objectclass=posixaccount
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=test,dc=net?one
nss_base_shadow ou=People,dc=test,dc=net?one
nss_base_group ou=Groups,dc=test,dc=net?one
uri ldaps://prodldap01/ ldaps://prodldap02/
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer no
pam_password md5

I also tried changing the value of memberUid to the DN of the user, but that did not work either. Any suggestions are appreciated. Thanks
- Justin Lintz
Do you have an ACL allowing access to ou=groups, like:

access to dn.one="ou=groups,dc=test,dc=net" by * read
Cheers, Claus
________________________________
From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] On behalf of Justin Lintz
Sent: Tuesday, 3 February 2009 18:03
To: openldap-technical@openldap.org
Subject: multiple groups not showing up in "groups" cmd
Sorry, I ended up being bitten by nscd and it caching the old group information. It had been working. Thanks for your help - Justin Lintz
On Tue, Feb 3, 2009 at 12:08 PM, Kick, Claus claus.kick@siemens.com wrote:
Do you have an ACL allowing access to ou=groups, like:

access to dn.one="ou=groups,dc=test,dc=net" by * read
Cheers, Claus
From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] On behalf of Justin Lintz
Sent: Tuesday, 3 February 2009 18:03
To: openldap-technical@openldap.org
Subject: multiple groups not showing up in "groups" cmd
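The following is an added example, not code from the thread or from the OpenLDAP project. It reproduces offline what nss_ldap's initgroups lookup does with the entries Justin posted: the primary gid comes from the posixAccount, and supplementary groups are every posixGroup under nss_base_group (honouring the ?one / ?sub scope suffix) whose memberUid equals the login name exactly. The sample LDIF is constructed from the two entries in the thread plus two hypothetical groups: a "users" group for gid 1004 (the page never names that group) and a "broken" group that stores the user's DN in memberUid, which is the variant Justin tried and which correctly never matches. Running the same computation against a fresh ldapsearch dump gives the answer the directory would return without nscd in the way.

```python
"""Compute a user's primary and supplementary POSIX groups from LDIF the way
nss_ldap's initgroups does (posixGroup / memberUid), for offline diagnosis."""
import base64
import re
from collections import defaultdict

# Constructed sample: the two entries from the thread, a hypothetical "users"
# group for gid 1004, and a hypothetical "broken" group whose memberUid holds
# the user's DN rather than the uid (the variant that never matches).
SAMPLE_LDIF = """\
dn: cn=dev2,ou=groups,dc=test,dc=net
cn: dev2
gidNumber: 1003
objectClass: posixGroup
objectClass: top
memberUid: dave

dn: cn=David FooBar,ou=people,dc=test,dc=net
givenName: David
sn: FooBar
cn: David FooBar
uid: dave
uidNumber: 1009
gidNumber: 1004
homeDirectory: /home/dave
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top

dn: cn=users,ou=groups,dc=test,dc=net
cn: users
gidNumber: 1004
objectClass: posixGroup
objectClass: top

dn: cn=broken,ou=groups,dc=test,dc=net
cn: broken
gidNumber: 1005
objectClass: posixGroup
objectClass: top
memberUid: cn=David FooBar,ou=people,dc=test,dc=net
"""


def parse_ldif(text):
    """Minimal LDIF reader: list of {attr_lowercased: [values]} dicts, with
    folded continuation lines joined and '::' (base64) values decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:      # folded continuation line
                lines[-1] += raw[1:]
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = defaultdict(list)
        for line in lines:
            if "::" in line:                        # base64-encoded value
                attr, _, val = line.partition("::")
                val = base64.b64decode(val.strip()).decode("utf-8", "replace")
            else:
                attr, _, val = line.partition(":")
                val = val.strip()
            entry[attr.strip().lower()].append(val)
        entries.append(dict(entry))
    return entries


def normalize_dn(dn):
    """Lower-case and strip whitespace around RDNs (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_scope(dn, base, scope):
    """Apply the ?base / ?one / ?sub suffix used in nss_base_* settings."""
    dn, base = normalize_dn(dn), normalize_dn(base)
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)


def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))


def initgroups(entries, uid, group_base="ou=Groups,dc=test,dc=net", scope="one"):
    """Return (primary_gid, [(group_name, gid), ...]) for uid.

    Supplementary membership is matched as nss_ldap does with
    pam_member_attribute memberuid: the memberUid value must equal the login
    name exactly, so a DN stored there will never match."""
    accounts = [e for e in entries
                if has_class(e, "posixAccount") and uid in e.get("uid", [])]
    if not accounts:
        raise KeyError("no posixAccount with uid=%s" % uid)
    primary = int(accounts[0]["gidnumber"][0])
    supplementary = sorted(
        (g["cn"][0], int(g["gidnumber"][0]))
        for g in entries
        if has_class(g, "posixGroup")
        and in_scope(g["dn"][0], group_base, scope)
        and uid in g.get("memberuid", [])
        and int(g["gidnumber"][0]) != primary
    )
    return primary, supplementary


def groups_command(entries, uid, **kw):
    """Group names in the order the `groups` command prints them: primary first."""
    primary, supplementary = initgroups(entries, uid, **kw)
    primary_name = next((g["cn"][0] for g in entries
                         if has_class(g, "posixGroup")
                         and g["gidnumber"][0] == str(primary)), str(primary))
    return [primary_name] + [name for name, _ in supplementary]


if __name__ == "__main__":
    ents = parse_ldif(SAMPLE_LDIF)
    print(initgroups(ents, "dave"))            # (1004, [('dev2', 1003)])
    print(" ".join(groups_command(ents, "dave")))   # users dev2
```

On a live host the equivalent check is to compare what the directory says (`ldapsearch -x -b ou=groups,dc=test,dc=net memberUid=dave`) with what NSS returns through the cache (`id dave`, `getent group dev2`); when the two disagree after a directory change, the stale nscd entry is the usual culprit and `nscd -i group` invalidates that cache.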