[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Group membership problems

To: openldap-software@OpenLDAP.org
Subject: Re: Group membership problems
From: Daniel Tiefnig <openldap@qmail.infonova.at>
Date: Fri, 2 Nov 2001 10:57:25 +0000 (UTC)
Organization: Infonova
References: <008c01c1626c$430055d0$6400a8c0@philxp>

"Phil Oester" wrote...:

> I've got two users who are both members of the same group.  Yet
> only one of the users can successfully write to a directory which
> is writable by that group.  The only significant difference I can
> see between these users is that one is a member of many more groups
> than the other. 
> 
> ** Group definition:
> dn: cn=job,ou=Group,dc=foo,dc=bar
> objectClass: posixGroup
> objectClass: top
> cn: job
> gidNumber: 6019
> memberUid: arei
> memberUid: jain

try a ldapsearch for "memberUid=arei" in "ou=Group,dc=foo,dc=bar". see 
if the entry with cn=job is returned. if it is, continue below..

> ** Test:
> [root@sec02 /tmp]# ls -l
> drwxrwxr-x   2 root        job      176 Oct 31 19:01 foo
> 
> [root@sec02 /tmp]# cd foo
> 
> [root@sec02 foo]# su arei
> bash-2.03$ touch hi
> touch: hi cannot create
> bash-2.03$ exit
> 
> [root@sec02 foo]# su jain
> bash-2.03$ touch hi
> bash-2.03$

do a "su arei" and see what the command "id" returns. is the group 
"job" listed..? (as "6019(job)") if it is, are there any differences 
between arei and jain that might cause this behaviour..? (beside the 
number of groups..)

hth,
daniel

References:
- Group membership problems
  - From: "Phil Oester" <ldap@theoesters.com>

Prev by Date: Re: Integration with Outlook
Next by Date: Re: Help with core.schema and binary
Index(es):
- Chronological
- Thread