[Date Prev][Date Next] [Chronological] [Thread] [Top]

nss_map_attribute gidNumber problem

I have user accounts for various systems within an OpenLDAP db (OpenLDAP 2.4.12 on openSUSE 11.1). Clients are running the same version on the same OS.
As accounts have different requirements depending on which host is being logged into, I've created a custom schema which implements the following custom attributes: 

loginShellSYS1
homeDirectorySYS1
gidNumberSYS1

...and so on for multiple SYSn systems.

On the client using nss_ldap side I am mapping these to the plain
attributes as so in /etc/ldap.conf:

nss_map_attribute loginShell loginShellSYS1
nss_map_attribute homeDirectory homeDirectorySYS1
nss_map_attribute gidNumber gidNumberSYS1

Everything works perfectly EXCEPT for the gidNumber mapping. If that's
in place then 'getent group' does not return the LDAP groups. The logs
on the LDAP server suggest that the correct information has been
requested, and it does indeed churn out all the expected results, but
the client seems to be failing in doing the mapping at the last step.

ldapsearch on an account from the client returns all the expected
attributes including the gidNumberSYSn ones.

The LDAP accounts also have a normal gidNumber attribute, and if I
remove the mapping and use that, then getent group returns the expected
results.
In fact, checking the LDAP server logs, it seems that when gidNumber is mapped, getent is requesting 'cn' instead of 'gidNumber' from the record. Without the mapping, it correctly requests the gidNumber attribute. 

It's entirely likely that I've done something plain silly which is
causing this problem, but is there any special behaviour regarding group mapping that I should have taken into account? 

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom