On 26/10, Giovanni Biscuolo wrote:
Dear Dieter thank you so much! * Dieter Klünter [2016-10-26 15:07:13 +0200]: [...]> memberUid:: IGFyaWFubmE=[...]> also, on a client machine configured to use libnss-ldapd, if I list > the groups with "sudo getent group" I can see the "clear text" > members (e.g. firstuser in the example above) but not the "hashed" > one; the same using the "members" commandto be a little more clear: "getent group" does not show the base64 encoded users (aka listed as "memberUid:: ..." in LDIF) on the other side, "groups <user>" correctly lists all the groups the user is member of, despite the base64 encoding of its memberUid attribute this way - fortunately - all the permissions and ACLs on the client machines are working fine, but superusers cannot get a list of group members with canonical tools like getent I have to find a solution to list groups and members... I'm lazy and I'd like to avoid to manually fix all the attributes
That sounds more like it's just not enumerating the users properly. First of all, which version of nss_ldap are you using, and could you post your config? There's for example a bug in 265 where there are missing entries when `nss_connect_policy` is set to `oneshot`, but some distros have patched it.
(Though I'd also recommend switching to nss-pam-ldapd instead, which is actually maintained.)
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
Description: PGP signature