
RE: LDAP group memberships not working



Hello,

This is an example of our group structure which serves fine for our
Solaris servers:

gidNumber: 456454
memberUid: USER1
objectClass: posixGroup
objectClass: top
cn: mygroup

I think the problem is that you are using objectClass: groupofnames with
the member attribute.

Best Regards,

Claus


________________________________

From: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org
[mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org]
On Behalf Of Doug Grantham
Sent: Thursday, 12 June 2008 15:45
To: openldap-technical@openldap.org
Subject: LDAP group memberships not working




Hey,

I'm setting up a small network with LDAP and I'm running into a little
trouble.

The openldap server is on a Suse linux box and the clients are on
solaris 10. Currently I'm trying to configure user authentication and
group memberships. So far I have the authentication working. Users can
log in on any of the solaris workstations. However, when these users log
in, they are not part of the correct groups. The only group that user is
a member of is their default group. But when that user logs in on the
linux server, things work just great and they're members of all the
correct groups.

For example:
USER1 is part of groups AAA, BBB, and CCC with their default group as
BBB. When this user logs into the linux server and performs the 'groups'
command, it will show this user is part of all three groups AAA, BBB,
and CCC. However, when this user logs into the solaris client and
performs the 'groups' command, they're only a member of the BBB group.


The /etc/nsswitch.conf on the solaris machine is configured like:

passwd:   files ldap
group:    files ldap
host:     files
ipnodes:  files
netgroup:
etc...


The /var/ldap/ldap_client_file on the solaris machine is configured
like:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 12.12.74.122
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=edu
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy


Here is an ldapsearch command and the results:

ldapsearch -b "dc=mydomain,dc=edu" -h server1 "(objectclass=groupofnames)"

dn:  cn=AAA,ou=group,dc=mydomain,dc=edu
cn:  AAA
gidNumber:  601
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER2,ou=people,dc=mydomain,dc=edu
member:  uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn:  cn=BBB,ou=group,dc=mydomain,dc=edu
cn:  BBB
gidNumber:  602
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn:  cn=CCC,ou=group,dc=mydomain,dc=edu
cn:  CCC
gidNumber:  603
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER2,ou=people,dc=mydomain,dc=edu
member:  uid=USER4,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames




This has been a really weird problem. The default groups are getting
properly set but none of the other memberships are working. I've not
found any help online and I'm pulling my hair out!
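As an added example (not code from either poster), a small script in the spirit of Claus's reply: it reads ldapsearch output like the one above and emits an LDIF modify that gives each posixGroup the memberUid values matching its member DNs, the attribute the working Solaris groups use. The embedded LDIF sample is constructed; groups without the posixGroup class are skipped, and memberUid values already present are not added twice.

```python
import re
# Constructed sample (not real data) modelled on the thread's ldapsearch output; BBB already has memberUid USER1.
SAMPLE_LDIF = """\
dn: cn=AAA,ou=group,dc=mydomain,dc=edu
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER2,ou=people,dc=mydomain,dc=edu
objectClass: posixGroup
objectClass: groupofnames

dn: cn=BBB,ou=group,dc=mydomain,dc=edu
member: uid=USER1,ou=people,dc=mydomain,dc=edu
member: uid=USER3,ou=people,dc=mydomain,dc=edu
memberUid: USER1
objectClass: posixGroup
objectClass: groupofnames
"""
def parse_ldif(text):
    """Parse plain LDIF (no folding, no base64) into [(dn, {attr: [values]})], attr names lower-cased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for name, value in re.findall(r"^([\w.;-]+):\s*(.*?)\s*$", block, re.M):
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        entries.append((dn, attrs))
    return entries

def missing_member_uids(attrs):
    """memberUid values the group lacks for the uid=... DNs listed in its member attribute."""
    present = {u.lower() for u in attrs.get("memberuid", [])}
    wanted = []
    for dn in attrs.get("member", []):
        rdn_attr, _, uid = (s.strip() for s in dn.split(",", 1)[0].partition("="))
        if rdn_attr.lower() == "uid" and uid.lower() not in present and uid not in wanted:
            wanted.append(uid)
    return wanted

def to_modify_ldif(text):
    """Emit LDIF 'changetype: modify' records adding the missing memberUid values."""
    records = []
    for dn, attrs in parse_ldif(text):
        uids = missing_member_uids(attrs)
        # memberUid is only valid on posixGroup entries; skip groups without that class.
        if uids and "posixgroup" in (c.lower() for c in attrs.get("objectclass", [])):
            records.append(f"dn: {dn}\nchangetype: modify\nadd: memberUid\n"
                           + "".join(f"memberUid: {u}\n" for u in uids) + "-\n")
    return "\n".join(records)
```

Review the generated LDIF before feeding it to ldapmodify, since the script trusts that the first RDN of every member DN is the account's uid.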