RE: Unix id command and Openldap
Guys, I found this while searching for information about the tasty group defined on the LDAP server:
vmlx-lamp-intg:/home/okossuth # ldapsearch -x -h vmlx-ldapauth-test.in.iantel.com.uy -b 'ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy' cn=Tasty
# extended LDIF
#
# LDAPv3
# base <ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy> with scope subtree
# filter: cn=Tasty
# requesting: ALL
#
# Tasty, Grupos, Teleinformatica, vmlx-ldapauth-test.in.iantel.com.uy
dn: cn=Tasty,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
om.uy
cn: Tasty
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
gidNumber: 7898
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
As it seems, it never shows the member or memberUid attributes.
I have defined a couple of users belonging to the tasty group using ldapmodify, and phpldapadmin shows me the attributes but the id command does not.
Could this be the source of the problem with the id command not showing supplementary groups?
Thanks!
Regards,
Oskar Kossuth
UNIX Administrator
ANTEL Telecomunicaciones
-----Original Message-----
From: Andrew Findlay [mailto:andrew.findlay@skills-1st.co.uk]
Sent: Wednesday, December 17, 2008 3:50 PM
To: Kossuth Espinosa, Oskar
CC: claus.kick@siemens.com; openldap-technical@openldap.org
Subject: Re: Unix id command and Openldap
On Wed, Dec 17, 2008 at 03:40:54PM -0200, okossuth@antel.com.uy wrote:
> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the client.
OK - from a quick scan of those I would expect a group lookup to be
roughly equivalent to this search:
ldapsearch -x -b \
"ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy" \
'(memberUID=XXX)'
where XXX is the username of a user that appears in some group.
What do you get if you try that search? Could you post a typical entry
from the
ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy
area?
It would still be useful to post the log output when running slapd
with loglevel 768 (stats + stats2)
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
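The check discussed in this thread, as an added example that is not from either poster: it parses ldapsearch LDIF output and reports, for each posixGroup, whether the (memberUid=XXX) lookup described above could match. The function names and the second sample entry (cn=Demo) are constructed for illustration.

```python
# Added example; sample LDIF below is partly constructed (see SAMPLE).
import re

def parse_ldif(text):
    """ldapsearch LDIF -> list of {attr_lowercase: [values]}; attr:: base64 not decoded."""
    entries = []
    # LDIF folds long lines (continuation starts with one space); entries end at blank lines.
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def is_posix_group(entry):
    return "posixgroup" in map(str.lower, entry.get("objectclass", []))

def groups_for_user(entries, uid):
    """Emulate the (memberUid=uid) search: names of posixGroups that list uid."""
    return [e["cn"][0] for e in entries
            if is_posix_group(e) and uid in e.get("memberuid", [])]

def diagnose(entries):
    """Per posixGroup: can a memberUid-based lookup see any membership at all?"""
    report = {}
    for e in filter(is_posix_group, entries):
        if e.get("memberuid"):
            verdict = "ok: memberUid present"
        elif e.get("member"):
            verdict = "DN-valued member only: memberUid filter cannot match"
        else:
            verdict = "no membership attribute visible to this bind"
        report[e["cn"][0]] = verdict
    return report

SAMPLE = """\
dn: cn=Tasty,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.c
 om.uy
cn: Tasty
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 7898

dn: cn=Demo,ou=Grupos,ou=Teleinformatica,dc=vmlx-ldapauth-test,dc=in.iantel.com.uy
cn: Demo
objectClass: posixGroup
memberUid: okossuth
"""
```

Feed it the output of the same anonymous (-x) search the client performs, since an entry can look different under another bind identity.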