RV: Unix id command and Openldap

by okossuth

Hi

Does the id command work with a system using OpenLDAP authentication?

I have implemented a server with OpenLDAP 2.3 and several clients use this system to authenticate users, and it works fine except that when I do an "id user" on a client it only gives me the information of the primary group which the user belongs to and not of the supplementary groups that he is also a member of in the LDAP server...

Any ideas?

I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.

Thanks for your help



Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: openldap-technical-bounces+okossuth=antel.com.uy@... [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...] On behalf of Andrew Findlay
Sent: Wednesday, December 17, 2008 2:00 PM
To: Kossuth Espinosa, Oskar
CC: openldap-technical@...; claus.kick@...
Subject: Re: Unix id command and Openldap

On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@... wrote:

> My problem is that I only see the primary group without the
> supplementary ones, whenever the groups are stored in the LDAP if the
> user is in the ldap server.

This sounds more like an NSS problem than a purely OpenLDAP one,
so you may get more help by posting to nssldap@....

Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
and also the /etc/ldap.conf file (with passwords obscured).

It would also be worth running slapd at debug level 768 and posting
what gets logged when you run the 'id' command.

Andrew
--
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
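
The files requested in the reply above (the 'passwd' and 'group' lines from /etc/nsswitch.conf, and /etc/ldap.conf with passwords obscured) can be prepared for a public list with a short script. This is an added example, not part of the thread: the file contents are constructed samples, and matching password directives by name (ending in "pw", or containing "passw" or "secret") is an assumption made here, so the output should still be read before posting.

```shell
#!/bin/sh
# Added example: prepare ldap.conf and nsswitch.conf excerpts for a public post.

# Print an ldap.conf-style file with comments and blank lines dropped and the
# value of any password-like directive masked. The name match is a heuristic
# (assumption): directive names ending in "pw" or containing "passw"/"secret".
redact_ldap_conf() {
    awk '
        # Dropping comments also removes commented-out old passwords.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) ~ /pw$|passw|secret/ { print $1, "<redacted>"; next }
        { print }
    ' "$1"
}

# Print only the passwd and group database lines of an nsswitch.conf.
nss_db_lines() {
    grep -E '^[[:space:]]*(passwd|group):' "$1"
}

# Write constructed sample files (not the poster's attachments) into DIR ($1).
make_samples() {
    cat > "$1/ldap.conf" <<'EOF'
# constructed sample
host ldap.example.com
base dc=example,dc=com
binddn cn=proxy,dc=example,dc=com
#bindpw OldSecret1
bindpw S3cret Value
EOF
    cat > "$1/nsswitch.conf" <<'EOF'
# constructed sample
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
redact_ldap_conf "$demo_dir/ldap.conf"
nss_db_lines "$demo_dir/nsswitch.conf"
rm -rf "$demo_dir"
```

On a real client the two functions would be pointed at /etc/ldap.conf and /etc/nsswitch.conf.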




Attachments: ldap.conf (13K), nsswitch.conf (1K)
