memberUID vs. uniqueMember
Hello all,
I've done an authentication migration to an OpenLDAP based system
running on a RedHat based Linux system.
All is well except one thing: secondary group membership is not taken
into account, e.g. when needed to access files/dirs.
My understanding is that the secondary group membership should be based
on the uniqueMember rather than the memberUID (deprecated).
If I use the memberUID for group membership everything works as expected
but when I use uniqueMember funny things happen:
1. 'id' shows only the primary group
   while 'id <username>' works as expected
2. the secondary group membership is not taken into account
   until I do a specific newgrp <secondary_group>
   (logging in/out is not the issue here)
I wonder if this is a bug or a misconfiguration in e.g. /etc/ldap.conf (or pam)
E.g. is the following setting important?
    pam_member_attribute uniquemember
(makes no difference as far as I can tell, anyway)
Should I move to memberUID --- AFAIK deprecated?
I couldn't find any clear answer on the web, etc.
TIA for any answer.
--
Ryurick M. Hristev mailto:ryurick.hristev@canterbury.ac.nz
Computer Systems Manager
University of Canterbury, Physics & Astronomy Dept., New Zealand
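
Added example, not part of the original post: `id` with no argument reports the credentials of the running process, while `id <username>` resolves the user through NSS, so the two symptoms above compare different sources. This sketch puts the process credentials, the initgroups lookup and group enumeration side by side; `membership_gaps` and `collect` are hypothetical helper names.

```python
import grp
import os
import pwd


def membership_gaps(process_gids, initgroups_gids, enumerated_gids):
    """Compare three views of one user's groups; return what each view lacks."""
    process = set(process_gids)
    init = set(initgroups_gids)
    enum = set(enumerated_gids)
    return {
        # Resolvable through NSS now, but absent from this process's
        # credentials (set when the session starts, inherited afterwards).
        "missing_from_process": sorted((init | enum) - process),
        # Listed as a member in group entries, but not returned by the
        # getgrouplist(3) lookup used to build a credential set.
        "missing_from_initgroups": sorted(enum - init),
        # Returned by getgrouplist(3), but not visible when walking all groups.
        "missing_from_enumeration": sorted(init - enum),
    }


def collect(username):
    """Gather the three views on the live system (run as `username`)."""
    pw = pwd.getpwnam(username)
    # View 1: what the kernel holds for this process (what plain `id` prints).
    process_gids = os.getgroups() + [os.getegid()]
    # View 2: the NSS initgroups path, via getgrouplist(3).
    initgroups_gids = os.getgrouplist(username, pw.pw_gid)
    # View 3: enumerate every group and check its member list.
    enumerated_gids = [g.gr_gid for g in grp.getgrall() if username in g.gr_mem]
    enumerated_gids.append(pw.pw_gid)
    return process_gids, initgroups_gids, enumerated_gids


if __name__ == "__main__":
    user = pwd.getpwuid(os.getuid()).pw_name
    for view, gids in membership_gaps(*collect(user)).items():
        print(f"{view}: {gids}")
```

Run it in the affected login session once with memberUID-based groups and once with uniqueMember-based groups, and compare which of the three lists changes.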