
LDAP group memberships not working





Hey,

I'm setting up a small network with LDAP and I'm running into a little trouble.

The OpenLDAP server is on a SUSE Linux box and the clients are on Solaris 10. Currently I'm trying to configure user authentication and group memberships. So far I have the authentication working. Users can log in on any of the Solaris workstations. However, when these users log in, they are not part of the correct groups. The only group that user is a member of is their default group. But when that user logs in on the Linux server, things work just great and they're members of all the correct groups.

For example:
USER1 is part of groups AAA, BBB, and CCC with their default group as BBB. When this user logs into the Linux server and performs the 'groups' command, it will show this user is part of all three groups AAA, BBB, and CCC. However, when this user logs into the Solaris client and performs the 'groups' command, they're only a member of the BBB group.


The /etc/nsswitch.conf on the Solaris machine is configured like:

passwd:   files ldap
group:    files ldap
host:     files
ipnodes:  files
netgroup:
etc...


The /var/ldap/ldap_client_file on the Solaris machine is configured like:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 12.12.74.122
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=edu
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy


Here is an ldapsearch command and the results:

ldapsearch -b "dc=mydomain,dc=edu" -h server1 "(objectclass=groupofnames)"

dn:  cn=AAA,ou=group,dc=mydomain,dc=edu
cn:  AAA
gidNumber:  601
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER2,ou=people,dc=mydomain,dc=edu
member:  uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn:  cn=BBB,ou=group,dc=mydomain,dc=edu
cn:  BBB
gidNumber:  602
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER3,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames

dn:  cn=CCC,ou=group,dc=mydomain,dc=edu
cn:  CCC
gidNumber:  603
member:  uid=USER1,ou=people,dc=mydomain,dc=edu
member:  uid=USER2,ou=people,dc=mydomain,dc=edu
member:  uid=USER4,ou=people,dc=mydomain,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: groupofnames





This has been a really weird problem. The default groups are getting properly set but none of the other memberships are working. I've not found any help online and I'm pulling my hair out!