
RE: Unix id command and Openldap



Thanks for your reply, Claus.

My problem is that I only see the primary group without the supplementary ones, whenever the groups are stored in the LDAP if the user is in the LDAP server.

If the user is local (defined in /etc/passwd), I can see the primary group and supplementary groups without a problem (these groups are local also)...
I have some groups stored only on the LDAP server, and others locally.
For example:

The jbosstest user is defined in the LDAP server only, and is a member of the groups ldaptest and mysql (also defined only on the LDAP server). When I use the command id I get:

# id jbosstest
uid=7000(jbosstest) gid=7002(ldaptest) groups=7002(ldaptest)

id never shows me the supplementary group mysql...

Any ideas?


Regards,

Oskar Kossuth 
UNIX Administrator
ANTEL Telecomunicaciones

-----Original Message-----
From: openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org [mailto:openldap-technical-bounces+okossuth=antel.com.uy@OpenLDAP.org] On behalf of Kick, Claus
Sent: Wednesday, December 17, 2008 4:56 AM
To: openldap-technical@openldap.org
Subject: AW: Unix id command and Openldap


 Hello Oskar,

>Hi
>Does the id command work with a system using OpenLDAP authentication?

Yes.

>I have implemented a server with openldap 2.4 and several clients use
>this system to authenticate
>users, and it works fine except that when I do an "id user" on a client it
>only gives me the information of the primary
>group which the user belongs to and not of the supplementary groups that
>he is also a member of in the LDAP server...

So you mean you only see OS-groups when using "id"?

>any ideas??

It appears as if an ACL is not set properly.
How/Where are your groups stored in the ldap backend?

