[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap group name resolving problem

To: Buchan Milne <bgmilne@staff.telkomsa.net>
Subject: Re: ldap group name resolving problem
From: Christian Weihrauch <c.weihrauch@reading.ac.uk>
Date: Mon, 03 Mar 2008 10:41:24 +0000
Cc: openldap-technical@openldap.org
In-reply-to: <200803031106.01519.bgmilne@staff.telkomsa.net>
References: <47C84442.1040605@reading.ac.uk> <200803031106.01519.bgmilne@staff.telkomsa.net>
User-agent: Thunderbird 1.5.0.14ubu (X11/20080227)

Hi Buchan,

Buchan Milne wrote:
> On Friday 29 February 2008 19:43:30 Christian Weihrauch wrote:
>> Hi,
>>
>> I have problems with debian etch Linux clients resolving group names
>> served by our LDAP server. user and passwd work because I can login
>> properly.
> 
> Do you have other clients which work correctly?
No, I have 3 nodes which show the same problem. Having said that they
are all debian etch with the same config.

> 
>> "getent group" properly shows the group served by the LDAP server.
>> eg: #getent group
>> mygroup:x:1000:chris
> 
> So, resolving group names actually works.
Yes.
> 
>> However "id username" only shows LDAP served groupIDs but not their names.
>> eg: #id chris
>> uid=1002(chris) gid=1000 groups=1000,20(dialout)
>>
>> This means that I can't do things like chgrp eg: "chgroup mygroup
>> directoryname" gives:
>> "chgrp: invalid group `mygroup'"
> 
> I would stop nscd first, and test again.
Tried that with no luck.
> 
>> I am using nscd and nsswitch.conf says:
> 
> (note that nsswitch doesn't have that much to do with nscd ... but nscd can 
> make changes in nsswitch.conf take longer to apply, due to caching)
> 
>> passwd:         files ldap
>> group:          files ldap
>> shadow:         files ldap
> 
> I assume both the above commands (getent group, and id chris) were run as the 
> same user, if not, you should specify if they were run as root or not in each 
> case, as this could be a binddn/anonymous vs rootbinddn issue.
Makes no difference in my case root/user with/without nscd all the same
outcome.

Thanks!

Chris
-- 
Christian Weihrauch, M.Sc., Dipl.-Ing. (FH)
Research Assistant

ACET Centre
School of System Engineering
The University of Reading
Philip Lyle Building
Whiteknights, PO Box 68
Reading, RG6 6BX, UK
---------------------------------------------------------------------
Email: c.weihrauch@reading.ac.uk
Tel:   +44 (0)118 378 7645
Fax:   +44 (0)118 378 5224
WWW:   http://acet.rdg.ac.uk/~cw/
---------------------------------------------------------------------
Department web-site: http://www.sse.rdg.ac.uk/
---------------------------------------------------------------------

References:
- Re: ldap group name resolving problem
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: LDAP replication when NTP server sets the time ahead
Next by Date: Re: LDAP replication when NTP server sets the time ahead
Index(es):
- Chronological
- Thread