
Re: ldap group name resolving problem

Hi Pat,

On 29 Feb 2008, at 18:04, Pat Riehecky wrote:

In your /etc/libnss-ldap.conf do you have

pam_groupdn ou=Groups,dc=example,dc=com
pam_member_attribute uniquemember
nss_base_group         ou=Group,dc=example,dc=com?one

I don't have any pam_* settings enabled. I have tried with and without nss_base_group with no luck.

set?  Those have bitten me in the past.  You should also
check /etc/pam_ldap.conf

Here I didn't try the pam_groupdn because I didn't want to enforce a group membership.




On Fri, 2008-02-29 at 17:43 +0000, Christian Weihrauch wrote:

I have problems with debian etch Linux clients resolving group names
served by our LDAP server. User and passwd work because I can login.
"getent group" properly shows the group served by the LDAP server.
eg: #getent group

However "id username" only shows LDAP served groupIDs but not their names.
eg: #id chris
uid=1002(chris) gid=1000 groups=1000,20(dialout)

This means that I can't do things like chgrp eg: "chgroup mygroup
directoryname" gives:
"chgrp: invalid group `mygroup'"

I am using nscd and nsswitch.conf says:
passwd:         files ldap
group:          files ldap
shadow:         files ldap

Any ideas?
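
An added diagnostic sketch, not part of the thread: `getent group` with no key enumerates the group database, while `id` resolves each gid with a keyed lookup, so one path can succeed while the other fails. The script below parses `id` output for gids printed without a name and tests both paths for each; the function names are hypothetical and the sample line is the `id chris` output quoted above.

```python
import grp
import re

# Constructed sample: the `id chris` output quoted in the thread.
SAMPLE = "uid=1002(chris) gid=1000 groups=1000,20(dialout)"


def unresolved_gids(id_output):
    """Return gids that `id` printed without a (name), in first-seen order."""
    gids = []
    for field in id_output.split():
        key, _, value = field.partition("=")
        if key not in ("gid", "groups"):
            continue  # skip uid= and any other fields
        for entry in value.split(","):
            m = re.fullmatch(r"(\d+)(\(.*\))?", entry)
            if m and m.group(2) is None and int(m.group(1)) not in gids:
                gids.append(int(m.group(1)))
    return gids


def check_gid(gid, by_gid=grp.getgrgid, enumerate_all=grp.getgrall):
    """Compare the keyed lookup (used by `id`) with enumeration (`getent group`)."""
    try:
        keyed = by_gid(gid).gr_name
    except KeyError:
        keyed = None
    listed = [g.gr_name for g in enumerate_all() if g.gr_gid == gid]
    if keyed is None and listed:
        verdict = "enumeration works, lookup by gid fails"
    elif keyed is None:
        verdict = "not found by either path"
    else:
        verdict = "resolves"
    return keyed, listed, verdict


if __name__ == "__main__":
    # On the affected client, pass the live output of `id <user>` instead.
    for gid in unresolved_gids(SAMPLE):
        print(gid, *check_gid(gid))
```

A verdict of "enumeration works, lookup by gid fails" matches the symptom described in the thread; repeating the run with nscd stopped shows whether the cache is involved.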