[Date Prev][Date Next] [Chronological] [Thread] [Top]

memberUID vs. uniqueMember

Hello all,

I've done an authentication migration to an OpenLDAP based system
running on a RedHat based Linux system.

All is well except one thing: secondary group membership is not taken
into account, e.g. when needed to access files/dirs.

My understanding is that the secondary group membership should be based
on the uniqueMember rather than the memberUID (deprecated).

If I use the memberUID for group membership everything works as expected
but when I use uniqueMember funny things happen:
1. 'id' shows only the primary group 
   while 'id <username>' works as expected
2. the secondary group membership is not taken into account
   until I do a specific newgrp <secondary_group>
   (logging in/out is not the issue here) 

I wonder if this is a bug or a misconfiguration in e.g. /etc/ldap.conf (or pam)
E.g. is the following setting important ?
        pam_member_attribute uniquemember
(makes no difference as far as I can tell, anyway)

Should I move to memberUID --- AFAIK deprecated ?

I couldn't find any clear answer on the web, etc.

TIA for any answer.
Ryurick M. Hristev mailto:ryurick.hristev@canterbury.ac.nz
Computer Systems Manager
University of Canterbury, Physics & Astronomy Dept., New Zealand