[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap group name resolving problem

To: Christian Weihrauch <c.weihrauch@reading.ac.uk>
Subject: Re: ldap group name resolving problem
From: Pat Riehecky <prieheck@iwu.edu>
Date: Fri, 29 Feb 2008 12:04:20 -0600
Cc: openldap-technical@openldap.org
In-reply-to: <47C84442.1040605@reading.ac.uk>
Organization: Illinois Wesleyan University
References: <47C84442.1040605@reading.ac.uk>

In your /etc/libnss-ldap.conf do you have

pam_groupdn ou=Groups,dc=example,dc=com
pam_member_attribute uniquemember
nss_base_group         ou=Group,dc=example,dc=com?one

set?  Those have bitten me in the past.  You should also
check /etc/pam_ldap.conf

Pat


On Fri, 2008-02-29 at 17:43 +0000, Christian Weihrauch wrote:
> Hi,
> 
> I have problems with debian etch Linux clients resolving group names
> served by our LDAP server. user and passwd work because I can login
> properly.
> "getent group" properly shows the group served by the LDAP server.
> eg: #getent group
> mygroup:x:1000:chris
> 
> However "id username" only shows LDAP served groupIDs but not their names.
> eg: #id chris
> uid=1002(chris) gid=1000 groups=1000,20(dialout)
> 
> This means that I can't do things like chgrp eg: "chgroup mygroup
> directoryname" gives:
> "chgrp: invalid group `mygroup'"
> 
> I am using nscd and nsswitch.conf says:
> passwd:         files ldap
> group:          files ldap
> shadow:         files ldap
> 
> Any ideas?
> 
> Thanks!

Follow-Ups:
- Re: ldap group name resolving problem
  - From: Christian Weihrauch <c.weihrauch@reading.ac.uk>

References:
- ldap group name resolving problem
  - From: Christian Weihrauch <c.weihrauch@reading.ac.uk>

Prev by Date: ldap group name resolving problem
Next by Date: OpenLDAP to Kerberos, Take 2
Index(es):
- Chronological
- Thread