Re: getent / group / LDAP problem



On Wed, 2008-05-28 at 13:51 -0400, Ryan Golhar wrote:
> Hi all,
>
> I have RHEL 5 running as an LDAP server, and am trying to configure a
> second server to mimic the first one. I have created multiple groups in
> LDAP and assigned various users to these groups. On the second server,
> running 'id' from the shell doesn't show those secondary groups.

What LDAP product are you using (openldap, FDS, Apache DS, etc.)?

> I thought there might be something wrong with nsswitch.conf, but 'getent
> group' is reporting the secondary groups and the users but with a 'x' in
> the second field:

RHEL provides a nifty lazy tool, system-config-authentication, which in my
experience works 100% of the time with LDAP. You may want to give it a
look for the setup bits; it eliminates typos and is all around
successful.

> users:x:500:user1,user2,user3
>
> whereas on the first server, I see:
>
> users:*:500:user1,user2,user3
>
> Why the difference in the second field?

This is just different shadow syntax; both of these point the password
field to gshadow, nothing to worry about.

> 'id' doesn't report the secondary groups either. 'id' on the first LDAP
> server shows something like:
>
> uid=501(golharam) gid=501(sansuser)
> groups=500(users),501(sansuser),85(cvs) context=user_u:system_r:unconfined_t
>
> On the second LDAP server, I get:
> uid=501(golharam) gid=500(users) groups=500(users)
> context=user_u:system_r:unconfined_t
>
> There should be a second group as 'cvs' with gid=85. Does anyone know
> why I wouldn't see secondary groups in my second LDAP server?

This very much depends on how exactly the entry is listed in your LDAP database.


Pat
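
The comparison made by hand in the thread above ('getent group' against 'id') can be scripted. This is an added example, not part of the original messages: the function name missing_groups and the sample data are constructed for illustration, and it assumes group names contain no spaces.

```shell
#!/bin/sh
# Added example: report groups that list a user as a member in
# `getent group` output but are absent from that user's `id` output.

# missing_groups USER ID_OUTPUT   (group(5)-format lines on stdin)
# Prints "name:gid" for each group that names USER in its member field
# while the gid is missing from the groups= list of ID_OUTPUT.
missing_groups() {
    user=$1
    id_out=$2
    # "groups=500(users),85(cvs)" -> "500 85 "
    resolved=$(printf '%s\n' "$id_out" | tr ' ' '\n' |
        sed -n 's/^groups=//p' | tr ',' '\n' | sed 's/(.*//' | tr '\n' ' ')
    awk -F: -v user="$user" -v resolved="$resolved" '
        BEGIN {
            n = split(resolved, g, " ")
            for (i = 1; i <= n; i++) have[g[i]] = 1
        }
        {
            # Field 4 is the comma-separated member list, field 3 the gid.
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($3 in have)) {
                    print $1 ":" $3
                    break
                }
        }'
}

# Constructed sample data modelled on the output quoted in the thread.
SAMPLE_GROUPS='users:x:500:user1,user2,golharam
sansuser:x:501:
cvs:x:85:golharam'
SAMPLE_ID_FIRST='uid=501(golharam) gid=501(sansuser) groups=500(users),501(sansuser),85(cvs) context=user_u:system_r:unconfined_t'
SAMPLE_ID_SECOND='uid=501(golharam) gid=500(users) groups=500(users) context=user_u:system_r:unconfined_t'

# Second server: cvs lists the user, but id does not resolve it.
printf '%s\n' "$SAMPLE_GROUPS" | missing_groups golharam "$SAMPLE_ID_SECOND"

# On a live host:
#   getent group | missing_groups "$USER" "$(id "$USER")"
```

Any line printed is a group whose membership is visible through enumeration but is not applied to the user's sessions, so file and service permissions tied to that group will not behave as the directory suggests.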
