
RE: Unix id command and Openldap



Guys, I found this while searching for information about the tasty group defined on the ldap server:

vmlx-lamp-intg:/home/okossuth # ldapsearch -x -h vmlx-ldapauth-test.in.iantel.com.uy  -b 'ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' cn=Tasty
# extended LDIF
#
# LDAPv3
# base <ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: cn=Tasty
# requesting: ALL
#

# Tasty, Grupos, Teleinformatica, vmlx-ldapauth-test.in.iantel.com.uy
dn: cn=Tasty,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: Tasty
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
gidNumber: 7898

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

As it seems, it never shows the member or memberUid attributes.
I have defined a couple of users belonging to the tasty group using ldapmodify, and phpldapadmin shows me the attributes but the id command does not.
Could this be the source of the problem with the id command not showing supplementary groups?

Thanks!

Regards,

Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones


-----Original Message-----
From: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk]
Sent: Wednesday, December 17, 2008 3:50 PM
To: Kossuth Espinosa, Oskar
CC: claus.kick@siemens.com; openldap-technical@openldap.org
Subject: Re: Unix id command and Openldap

On Wed, Dec 17, 2008 at 03:40:54PM -0200, okossuth@antel.com.uy wrote:

> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.

OK - from a quick scan of those I would expect a group lookup to be
roughly equivalent to this search:

ldapsearch -x -b \
"ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" \
'(memberUID=XXX)'

where XXX is the username of a user that appears in some group.

What do you get if you try that search? Could you post a typical entry
from the
ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy
area?

It would still be useful to post the log output when running slapd
with loglevel 768 (stats + stats2)

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
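
Added example, not part of either message: a Python check that parses ldapsearch LDIF output (unfolding continuation lines such as the folded dn above) and reports which group entries a (memberUID=XXX) search would match and which came back with no membership attributes at all. The sample LDIF is constructed; the second group, its memberUid values and the function names are assumptions.

```python
import base64

# Constructed sample: the first entry mirrors the one in the thread; the
# second group and its memberUid values are hypothetical.
SAMPLE_LDIF = """\
dn: cn=Tasty,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: Tasty
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 7898

dn: cn=Example,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel
 .com.uy
cn: Example
objectClass: posixGroup
gidNumber: 7899
memberUid: okossuth
memberUid:: anVhbg==

search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per record that has a dn."""
    entries, current = [], {}
    # LDIF folds long lines as newline + one space; undo that first.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():                  # a blank line ends a record
            if "dn" in current:               # skips the "search:/result:" trailer
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def groups_for_user(entries, uid):
    """Entries a (memberUid=uid) search would match, as {gidNumber: cn}."""
    return {int(e["gidnumber"][0]): e["cn"][0]
            for e in entries if uid in e.get("memberuid", [])}

def groups_without_members(entries):
    """DNs of entries returned with neither memberUid nor member."""
    return [e["dn"][0] for e in entries
            if not e.get("memberuid") and not e.get("member")]
```

To check a real directory, pass the text captured from the ldapsearch command to parse_ldif in place of SAMPLE_LDIF.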
