|
»
»
« Return to Thread: RV: Unix id command and Openldap
Re: RV: Unix id command and Openldap
by Andrew Morgan
::
Rate this Message:
I normally have to use "id -a <username>" in order to get the
supplementary groups in the output (Debian Linux).
Andy
On Mon, 22 Dec 2008, Patrick Wolfe wrote:
> perhaps your installed "id" command doesn't support the nsswitch.conf file
> and it's associated library. You might need to recompile it. What distro
> and version of UNIX are you using?
>
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 3:14 PM, <okossuth@...> wrote:
>
>> of course I have done that..
>> any other ideas?
>>
>> Saludos,
>>
>> Oskar Kossuth
>> Administrador UNIX
>> ANTEL Telecomunicaciones
>>
>>
>> -----Mensaje original-----
>> De: owner-nssldap@... [mailto:owner-nssldap@...] En nombre de
>> Patrick Wolfe
>> Enviado el: Monday, December 22, 2008 5:04 PM
>> Para: Kossuth Espinosa, Oskar
>> CC: nssldap@...
>> Asunto: Re: [nssldap] RV: Unix id command and Openldap
>>
>> the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
>> servers. Make sure your /etc/nsswitch.conf says "passwd: files ldap"
>> and "group: files ldap", or else id won't be searching ldap for ids
>> and groups.
>>
>> --
>>
>> Patrick Wolfe
>> ADP Employease
>> 770-325-7724
>>
>>
>>
>> On Dec 22, 2008, at 2:15 PM, <okossuth@...> wrote:
>>
>>> Hi
>>>
>>>
>>>
>>> Does the id command works with a system using OPENLDAP
>>> authentication ?
>>>
>>> I have implemented a server with openldap 2.3 and several clients
>>> use this system to authenticate
>>>
>>> users, and works fine except that when I do a "id user" on a client
>>> it only gives me the information of the primary
>>>
>>> group which the user belongs to and not of the suplementary groups
>>> that he is also a member of in the LDAP server...
>>>
>>> any ideas??
>>>
>>> im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>>> client.
>>>
>>> thanks for your help
>>>
>>>
>>>
>>> Saludos,
>>>
>>> Oskar Kossuth
>>> Administrador UNIX
>>> ANTEL Telecomunicaciones
>>>
>>>
>>> -----Mensaje original-----
>>> De: openldap-technical-bounces+okossuth=antel.com.uy@...
>>> [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...
>>> ] En nombre de Andrew Findlay
>>> Enviado el: Wednesday, December 17, 2008 2:00 PM
>>> Para: Kossuth Espinosa, Oskar
>>> CC: openldap-technical@...; claus.kick@...
>>> Asunto: Re: Unix id command and Openldap
>>>
>>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@... wrote:
>>>
>>>> My problem is that I only see the primary group without the
>>>> supplementary ones, whenever the groups are stored in the LDAP if the
>>>> user is in the ldap server.
>>>
>>> This sounds more like an NSS problem than a purely OpenLDAP one,
>>> so you may get more help by posting to nssldap@....
>>>
>>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>>> and also the /etc/ldap.conf file (with passwords obscured).
>>>
>>> It would also be worth running slapd at debug level 768 and posting
>>> what gets logged when you run the 'id' command.
>>>
>>> Andrew
>>> --
>>> -----------------------------------------------------------------------
>>> | From Andrew Findlay, Skills 1st
>>> Ltd |
>>> | Consultant in large-scale systems, networks, and directory
>>> services |
>>> | http://www.skills-1st.co.uk/ +44 1628
>>> 782565 |
>>> -----------------------------------------------------------------------
>>>
>>> El presente correo y cualquier posible archivo
>>> adjunto está
>>> dirigido únicamente al destinatario del mensaje y contiene
>>> información
>>> que puede ser confidencial. Si Ud. no es el destinatario
>>> correcto por
>>> favor notifique al remitente respondiendo anexando este mensaje y
>>> elimine
>>> inmediatamente el e-mail y los posibles archivos adjuntos al mismo
>>> de su
>>> sistema. Está prohibida cualquier utilización, difusión o copia
>>> de este
>>> e-mail por cualquier persona o entidad que no sean las
>>> específicas
>>> destinatarias del mensaje. ANTEL no acepta ninguna
>>> responsabilidad con
>>> respecto a cualquier comunicación que haya sido emitida
>>> incumpliendo
>>> nuestra Política de Seguridad de la Información.
>>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>>> .
>>> This e-mail and any attachment is confidential and is intended
>>> solely for
>>> the addressee(s). If you are not intended recipient please
>>> inform the
>>> sender immediately, answering this e-mail and delete it as well
>>> as the
>>> attached files. Any use, circulation or copy of this e-mail by any
>>> person
>>> or entity that is not the specific addressee(s) is prohibited.
>>> ANTEL is
>>> not responsible for any communication emitted without
>>> respecting our
>>> Information Security Policy.
>>> <ldap.conf><nsswitch.conf>
>>
>>
>>
>
>
>
supplementary groups in the output (Debian Linux).
Andy
On Mon, 22 Dec 2008, Patrick Wolfe wrote:
> perhaps your installed "id" command doesn't support the nsswitch.conf file
> and it's associated library. You might need to recompile it. What distro
> and version of UNIX are you using?
>
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 3:14 PM, <okossuth@...> wrote:
>
>> of course I have done that..
>> any other ideas?
>>
>> Saludos,
>>
>> Oskar Kossuth
>> Administrador UNIX
>> ANTEL Telecomunicaciones
>>
>>
>> -----Mensaje original-----
>> De: owner-nssldap@... [mailto:owner-nssldap@...] En nombre de
>> Patrick Wolfe
>> Enviado el: Monday, December 22, 2008 5:04 PM
>> Para: Kossuth Espinosa, Oskar
>> CC: nssldap@...
>> Asunto: Re: [nssldap] RV: Unix id command and Openldap
>>
>> the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
>> servers. Make sure your /etc/nsswitch.conf says "passwd: files ldap"
>> and "group: files ldap", or else id won't be searching ldap for ids
>> and groups.
>>
>> --
>>
>> Patrick Wolfe
>> ADP Employease
>> 770-325-7724
>>
>>
>>
>> On Dec 22, 2008, at 2:15 PM, <okossuth@...> wrote:
>>
>>> Hi
>>>
>>>
>>>
>>> Does the id command works with a system using OPENLDAP
>>> authentication ?
>>>
>>> I have implemented a server with openldap 2.3 and several clients
>>> use this system to authenticate
>>>
>>> users, and works fine except that when I do a "id user" on a client
>>> it only gives me the information of the primary
>>>
>>> group which the user belongs to and not of the suplementary groups
>>> that he is also a member of in the LDAP server...
>>>
>>> any ideas??
>>>
>>> im sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>>> client.
>>>
>>> thanks for your help
>>>
>>>
>>>
>>> Saludos,
>>>
>>> Oskar Kossuth
>>> Administrador UNIX
>>> ANTEL Telecomunicaciones
>>>
>>>
>>> -----Mensaje original-----
>>> De: openldap-technical-bounces+okossuth=antel.com.uy@...
>>> [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...
>>> ] En nombre de Andrew Findlay
>>> Enviado el: Wednesday, December 17, 2008 2:00 PM
>>> Para: Kossuth Espinosa, Oskar
>>> CC: openldap-technical@...; claus.kick@...
>>> Asunto: Re: Unix id command and Openldap
>>>
>>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@... wrote:
>>>
>>>> My problem is that I only see the primary group without the
>>>> supplementary ones, whenever the groups are stored in the LDAP if the
>>>> user is in the ldap server.
>>>
>>> This sounds more like an NSS problem than a purely OpenLDAP one,
>>> so you may get more help by posting to nssldap@....
>>>
>>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>>> and also the /etc/ldap.conf file (with passwords obscured).
>>>
>>> It would also be worth running slapd at debug level 768 and posting
>>> what gets logged when you run the 'id' command.
>>>
>>> Andrew
>>> --
>>> -----------------------------------------------------------------------
>>> | From Andrew Findlay, Skills 1st
>>> Ltd |
>>> | Consultant in large-scale systems, networks, and directory
>>> services |
>>> | http://www.skills-1st.co.uk/ +44 1628
>>> 782565 |
>>> -----------------------------------------------------------------------
>>>
>>> El presente correo y cualquier posible archivo
>>> adjunto está
>>> dirigido únicamente al destinatario del mensaje y contiene
>>> información
>>> que puede ser confidencial. Si Ud. no es el destinatario
>>> correcto por
>>> favor notifique al remitente respondiendo anexando este mensaje y
>>> elimine
>>> inmediatamente el e-mail y los posibles archivos adjuntos al mismo
>>> de su
>>> sistema. Está prohibida cualquier utilización, difusión o copia
>>> de este
>>> e-mail por cualquier persona o entidad que no sean las
>>> específicas
>>> destinatarias del mensaje. ANTEL no acepta ninguna
>>> responsabilidad con
>>> respecto a cualquier comunicación que haya sido emitida
>>> incumpliendo
>>> nuestra Política de Seguridad de la Información.
>>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>>> .
>>> This e-mail and any attachment is confidential and is intended
>>> solely for
>>> the addressee(s). If you are not intended recipient please
>>> inform the
>>> sender immediately, answering this e-mail and delete it as well
>>> as the
>>> attached files. Any use, circulation or copy of this e-mail by any
>>> person
>>> or entity that is not the specific addressee(s) is prohibited.
>>> ANTEL is
>>> not responsible for any communication emitted without
>>> respecting our
>>> Information Security Policy.
>>> <ldap.conf><nsswitch.conf>
>>
>>
>>
>
>
>
« Return to Thread: RV: Unix id command and Openldap
| Free embeddable forum powered by Nabble | Forum Help |
