|
»
»
« Return to Thread: RV: Unix id command and Openldap
Re: RV: Unix id command and Openldap
by whistl
::
Rate this Message:
perhaps your installed "id" command doesn't support the nsswitch.conf
file and it's associated library. You might need to recompile it.
What distro and version of UNIX are you using?
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 22, 2008, at 3:14 PM, <okossuth@...> wrote:
> of course I have done that..
> any other ideas?
>
> Saludos,
>
> Oskar Kossuth
> Administrador UNIX
> ANTEL Telecomunicaciones
>
>
> -----Mensaje original-----
> De: owner-nssldap@... [mailto:owner-nssldap@...] En nombre
> de Patrick Wolfe
> Enviado el: Monday, December 22, 2008 5:04 PM
> Para: Kossuth Espinosa, Oskar
> CC: nssldap@...
> Asunto: Re: [nssldap] RV: Unix id command and Openldap
>
> the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
> servers. Make sure your /etc/nsswitch.conf says "passwd: files ldap"
> and "group: files ldap", or else id won't be searching ldap for ids
> and groups.
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 2:15 PM, <okossuth@...> wrote:
>
>> Hi
>>
>>
>>
>> Does the id command works with a system using OPENLDAP
>> authentication ?
>>
>> I have implemented a server with openldap 2.3 and several clients
>> use this system to authenticate
>>
>> users, and works fine except that when I do a "id user" on a client
>> it only gives me the information of the primary
>>
>> group which the user belongs to and not of the suplementary groups
>> that he is also a member of in the LDAP server...
>>
>> any ideas??
>>
>> im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>> client.
>>
>> thanks for your help
>>
>>
>>
>> Saludos,
>>
>> Oskar Kossuth
>> Administrador UNIX
>> ANTEL Telecomunicaciones
>>
>>
>> -----Mensaje original-----
>> De: openldap-technical-bounces+okossuth=antel.com.uy@... [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...
>> ] En nombre de Andrew Findlay
>> Enviado el: Wednesday, December 17, 2008 2:00 PM
>> Para: Kossuth Espinosa, Oskar
>> CC: openldap-technical@...; claus.kick@...
>> Asunto: Re: Unix id command and Openldap
>>
>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@...
>> wrote:
>>
>>> My problem is that I only see the primary group without the
>>> supplementary ones, whenever the groups are stored in the LDAP if
>>> the
>>> user is in the ldap server.
>>
>> This sounds more like an NSS problem than a purely OpenLDAP one,
>> so you may get more help by posting to nssldap@....
>>
>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>> and also the /etc/ldap.conf file (with passwords obscured).
>>
>> It would also be worth running slapd at debug level 768 and posting
>> what gets logged when you run the 'id' command.
>>
>> Andrew
>> --
>> -----------------------------------------------------------------------
>> | From Andrew Findlay, Skills 1st
>> Ltd |
>> | Consultant in large-scale systems, networks, and directory
>> services |
>> | http://www.skills-1st.co.uk/ +44 1628
>> 782565 |
>> -----------------------------------------------------------------------
>>
>> El presente correo y cualquier posible archivo
>> adjunto está
>> dirigido únicamente al destinatario del mensaje y contiene
>> información
>> que puede ser confidencial. Si Ud. no es el destinatario
>> correcto por
>> favor notifique al remitente respondiendo anexando este mensaje y
>> elimine
>> inmediatamente el e-mail y los posibles archivos adjuntos al mismo
>> de su
>> sistema. Está prohibida cualquier utilización, difusión o copia
>> de este
>> e-mail por cualquier persona o entidad que no sean las
>> específicas
>> destinatarias del mensaje. ANTEL no acepta ninguna
>> responsabilidad con
>> respecto a cualquier comunicación que haya sido emitida
>> incumpliendo
>> nuestra Política de Seguridad de la Información.
>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>> This e-mail and any attachment is confidential and is intended
>> solely for
>> the addressee(s). If you are not intended recipient please
>> inform the
>> sender immediately, answering this e-mail and delete it as well
>> as the
>> attached files. Any use, circulation or copy of this e-mail by any
>> person
>> or entity that is not the specific addressee(s) is prohibited.
>> ANTEL is
>> not responsible for any communication emitted without
>> respecting our
>> Information Security Policy.
>> <ldap.conf><nsswitch.conf>
>
>
>
file and it's associated library. You might need to recompile it.
What distro and version of UNIX are you using?
--
Patrick Wolfe
ADP Employease
770-325-7724
On Dec 22, 2008, at 3:14 PM, <okossuth@...> wrote:
> of course I have done that..
> any other ideas?
>
> Saludos,
>
> Oskar Kossuth
> Administrador UNIX
> ANTEL Telecomunicaciones
>
>
> -----Mensaje original-----
> De: owner-nssldap@... [mailto:owner-nssldap@...] En nombre
> de Patrick Wolfe
> Enviado el: Monday, December 22, 2008 5:04 PM
> Para: Kossuth Espinosa, Oskar
> CC: nssldap@...
> Asunto: Re: [nssldap] RV: Unix id command and Openldap
>
> the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
> servers. Make sure your /etc/nsswitch.conf says "passwd: files ldap"
> and "group: files ldap", or else id won't be searching ldap for ids
> and groups.
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 2:15 PM, <okossuth@...> wrote:
>
>> Hi
>>
>>
>>
>> Does the id command works with a system using OPENLDAP
>> authentication ?
>>
>> I have implemented a server with openldap 2.3 and several clients
>> use this system to authenticate
>>
>> users, and works fine except that when I do a "id user" on a client
>> it only gives me the information of the primary
>>
>> group which the user belongs to and not of the suplementary groups
>> that he is also a member of in the LDAP server...
>>
>> any ideas??
>>
>> im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>> client.
>>
>> thanks for your help
>>
>>
>>
>> Saludos,
>>
>> Oskar Kossuth
>> Administrador UNIX
>> ANTEL Telecomunicaciones
>>
>>
>> -----Mensaje original-----
>> De: openldap-technical-bounces+okossuth=antel.com.uy@... [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...
>> ] En nombre de Andrew Findlay
>> Enviado el: Wednesday, December 17, 2008 2:00 PM
>> Para: Kossuth Espinosa, Oskar
>> CC: openldap-technical@...; claus.kick@...
>> Asunto: Re: Unix id command and Openldap
>>
>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@...
>> wrote:
>>
>>> My problem is that I only see the primary group without the
>>> supplementary ones, whenever the groups are stored in the LDAP if
>>> the
>>> user is in the ldap server.
>>
>> This sounds more like an NSS problem than a purely OpenLDAP one,
>> so you may get more help by posting to nssldap@....
>>
>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>> and also the /etc/ldap.conf file (with passwords obscured).
>>
>> It would also be worth running slapd at debug level 768 and posting
>> what gets logged when you run the 'id' command.
>>
>> Andrew
>> --
>> -----------------------------------------------------------------------
>> | From Andrew Findlay, Skills 1st
>> Ltd |
>> | Consultant in large-scale systems, networks, and directory
>> services |
>> | http://www.skills-1st.co.uk/ +44 1628
>> 782565 |
>> -----------------------------------------------------------------------
>>
>> El presente correo y cualquier posible archivo
>> adjunto está
>> dirigido únicamente al destinatario del mensaje y contiene
>> información
>> que puede ser confidencial. Si Ud. no es el destinatario
>> correcto por
>> favor notifique al remitente respondiendo anexando este mensaje y
>> elimine
>> inmediatamente el e-mail y los posibles archivos adjuntos al mismo
>> de su
>> sistema. Está prohibida cualquier utilización, difusión o copia
>> de este
>> e-mail por cualquier persona o entidad que no sean las
>> específicas
>> destinatarias del mensaje. ANTEL no acepta ninguna
>> responsabilidad con
>> respecto a cualquier comunicación que haya sido emitida
>> incumpliendo
>> nuestra Política de Seguridad de la Información.
>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>> This e-mail and any attachment is confidential and is intended
>> solely for
>> the addressee(s). If you are not intended recipient please
>> inform the
>> sender immediately, answering this e-mail and delete it as well
>> as the
>> attached files. Any use, circulation or copy of this e-mail by any
>> person
>> or entity that is not the specific addressee(s) is prohibited.
>> ANTEL is
>> not responsible for any communication emitted without
>> respecting our
>> Information Security Policy.
>> <ldap.conf><nsswitch.conf>
>
>
>
« Return to Thread: RV: Unix id command and Openldap
| Free embeddable forum powered by Nabble | Forum Help |
