[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Unix id command and Openldap
Thanks for your reply claus
My problem is that I only see the primary group without the supplementary ones, whenever the groups are stored in the LDAP if the user is in the ldap server.
If the user is local (defined in /etc/passwd)I can see the primary group and suplementary groups without a problem(these groups are local also)...
I have some groups stored only on the ldap server, and others locally.
for example:
the jbosstest user is defined in the ldap server only, and is member of the groups ldaptest and mysql(also defined only on the ldap server). when I use the command id I get:
# id jbosstest
uid=7000(jbosstest) gid=7002(ldaptest) groups=7002(ldaptest)
id never shows me the supplementary group mysql...
Any ideas?
Saludos,
Oskar Kossuth
Administrador UNIX
ANTEL Telecomunicaciones
-----Mensaje original-----
De: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org [mailto:openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org] En nombre de Kick, Claus
Enviado el: Wednesday, December 17, 2008 4:56 AM
Para: openldap-technical@openldap.org
Asunto: AW: Unix id command and Openldap
Hello Oskar,
>Hi
>Does the id command works with a system using OPENLDAP authentication ?
Yes.
>I have implemented a server with openldap 2.4 and several clients use
this system to authenticate
>users, and works fine except that when I do a "id user" on a client it
only gives me the information of the primary
>group which the user belongs to and not of the suplementary groups that
he is also a member of in the LDAP server...
So you mean you only see OS-groups when using "id"?
>any ideas??
It appears as if an ACL is not set properly.
How/Where are your groups stored in the ldap backend?
El presente correo y cualquier posible archivo adjunto está
dirigido únicamente al destinatario del mensaje y contiene información
que puede ser confidencial. Si Ud. no es el destinatario correcto por
favor notifique al remitente respondiendo anexando este mensaje y elimine
inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su
sistema. Está prohibida cualquier utilización, difusión o copia de este
e-mail por cualquier persona o entidad que no sean las específicas
destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con
respecto a cualquier comunicación que haya sido emitida incumpliendo
nuestra Política de Seguridad de la Información.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This e-mail and any attachment is confidential and is intended solely for
the addressee(s). If you are not intended recipient please inform the
sender immediately, answering this e-mail and delete it as well as the
attached files. Any use, circulation or copy of this e-mail by any person
or entity that is not the specific addressee(s) is prohibited. ANTEL is
not responsible for any communication emitted without respecting our
Information Security Policy.