[Fwd: Group entry in OpenLDAP]
- To: OpenLDAP Mail List <openldap-software@OpenLDAP.org>
- Subject: [Fwd: Group entry in OpenLDAP]
- From: Jorge Ruão <jruao@fe.up.pt>
- Date: Fri, 21 May 2004 14:51:10 +0100
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Hi,
I've OpenLDAP 2.1.25 with pam_ldap and nss_ldap installed in a Red Hat AS release 3 distribution.
Everything goes fine, except when a user authenticates to the system he always gets the "Group ID 200 not found" message.
If I perform an ldapsearch as anonymous I can't see the entries for the groups that I've defined; I need to do an ldapsearch authenticated as root.
The group entry is generated with the following ldif:
____________________________________________
dn: cn=usersGroup,ou=users,dc=fe,dc=up,dc=pt
objectClass: posixGroup
objectClass: top
objectClass: group
cn: usersGroup
gidNumber: 200
memberUid: usersGroup
____________________________________________
The user entry is generated with the following ldif:
____________________________________________
dn: uid=test,ou=users,dc=fe,dc=up,dc=pt
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uid: test
cn: test
userPassword: test
shadowLastChange: 12480
shadowMin: 0
shadowMax: 10
shadowWarning: 7
shadowInactive: 7
shadowExpire: 20000
loginShell: /bin/tcsh
uidNumber: 201
gidNumber: 200
homeDirectory: /home/test
____________________________________________
Can it be something related to the access permissions?
My slapd.access file goes like this:
____________________________________________
access to attr=userPassword
    by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
    by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read
    by self read
    by anonymous auth
    by * none
access to attr=cn,gecos,uid,uidNumber,gidNumber,loginShell,homeDirectory
    by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
    by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read
    by self read
    by users read
    by anonymous read
    by * none
access to attr=shadowMin,shadowMax,shadowLastChange,shadowWarning,shadowExpire,shadowInactive
    by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
    by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read
    by self read
    by users read
    by anonymous none
    by * none
access to dn="uid(.*),ou=.*,dc=fe,dc=up,dc=pt"
    by dn="cn=admin,dc=fe,dc=up,dc=pt" write
    by dn="uid=admin,ou=admins,dc=fe,dc=up,dc=pt" read
    by dn="uid=admindn,ou=admins,dc=fe,dc=up,dc=pt" read
    by self read
    by anonymous read
    by * none
____________________________________________
I really can't find where the problem can be....
Thanks,
Jorge Ruão
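
The following is an added example, not part of the original message: a simplified Python model of the first-match evaluation described in slapd.access(5), applied to the rules and the two entries posted above to list what an anonymous search would return for each. The names `ACLS`, `access` and `readable` are hypothetical, and the model assumes the `dn=` pattern is an unanchored, case-insensitive regex and that an entry is only returned when its `entry` pseudo-attribute is readable.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Rules transcribed from the slapd.access file above, in order. The admin
# "by dn=..." clauses are left out: only anonymous/users/self matter here.
ACLS = [
    {"attrs": {"userpassword"},
     "by": [("self", "read"), ("anonymous", "auth"), ("*", "none")]},
    {"attrs": {"cn", "gecos", "uid", "uidnumber", "gidnumber", "loginshell", "homedirectory"},
     "by": [("self", "read"), ("users", "read"), ("anonymous", "read"), ("*", "none")]},
    {"attrs": {"shadowmin", "shadowmax", "shadowlastchange", "shadowwarning",
               "shadowexpire", "shadowinactive"},
     "by": [("self", "read"), ("users", "read"), ("anonymous", "none"), ("*", "none")]},
    {"dn": r"uid(.*),ou=.*,dc=fe,dc=up,dc=pt",
     "by": [("self", "read"), ("anonymous", "read"), ("*", "none")]},
]

# Which requester kinds each <who> keyword covers in this model (an assumption).
WHO = {"*": {"anonymous", "users", "self"}, "anonymous": {"anonymous"},
       "users": {"users", "self"}, "self": {"self"}}

def access(requester, dn, attr):
    """Level granted by the first matching 'access to' rule, then first matching 'by'."""
    for rule in ACLS:
        if "attrs" in rule and attr.lower() not in rule["attrs"]:
            continue
        if "dn" in rule and not re.search(rule["dn"], dn, re.I):
            continue
        for who, level in rule["by"]:
            if requester in WHO[who]:
                return level
        return "none"   # implicit trailing "by * none"
    return "none"       # implicit final "access to * by * none"

def readable(requester, dn, attrs):
    """Attributes a search returns; [] when the 'entry' pseudo-attribute is unreadable."""
    ok = lambda a: LEVELS.index(access(requester, dn, a)) >= LEVELS.index("read")
    return [a for a in attrs if ok(a)] if ok("entry") else []

GROUP_DN = "cn=usersGroup,ou=users,dc=fe,dc=up,dc=pt"
USER_DN = "uid=test,ou=users,dc=fe,dc=up,dc=pt"
GROUP_ATTRS = ["objectClass", "cn", "gidNumber", "memberUid"]
USER_ATTRS = ["objectClass", "uid", "cn", "userPassword", "shadowMax", "gidNumber"]

if __name__ == "__main__":
    print("group:", readable("anonymous", GROUP_DN, GROUP_ATTRS))
    print("user: ", readable("anonymous", USER_DN, USER_ATTRS))
```

In this model no rule covers `entry` or `objectClass` for a DN that lacks a `uid` component, so the group entry falls through to the implicit deny even though `cn` and `gidNumber` are individually readable.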