
Re: some memberUid in my database are hashed



On 26/10, Giovanni Biscuolo wrote:
> Dear Dieter, thank you so much!
>
> * Dieter Klünter [2016-10-26 15:07:13 +0200]:
>
> [...]
>
> > memberUid:: IGFyaWFubmE=
>
> [...]
>
> > also, on a client machine configured to use libnss-ldapd, if I list
> > the groups with "sudo getent group" I can see the "clear text"
> > members (e.g. firstuser in the example above) but not the "hashed"
> > one; the same using the "members" command
>
> to be a little more clear: "getent group" does not show the base64 encoded
> users (aka listed as "memberUid:: ..." in LDIF)
>
> on the other side, "groups <user>" correctly lists all the groups the user
> is a member of, despite the base64 encoding of its memberUid attribute
>
> this way - fortunately - all the permissions and ACLs on the client machines
> are working fine, but superusers cannot get a list of group members with
> canonical tools like getent
>
> I have to find a solution to list groups and members... I'm lazy and I'd
> like to avoid manually fixing all the attributes


That sounds more like it's just not enumerating the users properly. First of all, which version of nss_ldap are you using, and could you post your config? There's for example a bug in 265 where there are missing entries when `nss_connect_policy` is set to `oneshot`, but some distros have patched it.

(Though I'd also recommend switching to nss-pam-ldapd instead, which is actually maintained.)

--
Sincerely,
 Johannes Löthberg
 PGP Key ID: 0x50FB9B273A9D0BB5
 https://theos.kyriasis.com/~kyrias/
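
Added example, not part of any message in this thread: LDIF (RFC 2849) writes a value as `attr:: <base64>` when it cannot be written as a plain safe string, and the value quoted above, `IGFyaWFubmE=`, decodes to `arianna` preceded by a space. The Python sketch below audits an LDIF export for such `memberUid` values and reports why each one was encoded; the sample LDIF, the DN and the other two encoded values are constructed for illustration.

```python
import base64

# Constructed sample LDIF; only the value "IGFyaWFubmE=" comes from the thread.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 5000
memberUid: firstuser
memberUid:: IGFyaWFubmE=
memberUid:: Ym9iIA==
memberUid:: am9zw6k=
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def why_encoded(raw):
    """Return the RFC 2849 reasons a value cannot be written as plain text."""
    reasons = []
    if raw[:1] in (b" ", b":", b"<"):
        reasons.append("unsafe first character %r" % raw[:1].decode())
    if raw.endswith(b" "):
        reasons.append("trailing space")
    if any(b > 127 for b in raw):
        reasons.append("non-ASCII bytes")
    if any(b in (0, 10, 13) for b in raw):
        reasons.append("NUL/CR/LF")
    return reasons

def audit(text, attr="memberUid"):
    """Return (dn, decoded value, reasons) for each base64-encoded attr value."""
    dn, findings = None, []
    for line in unfold(text):
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()  # base64 DNs (dn::) not handled
        elif line.lower().startswith(attr.lower() + "::"):
            raw = base64.b64decode(line.split("::", 1)[1].strip())
            findings.append((dn, raw.decode("utf-8", "replace"), why_encoded(raw)))
    return findings

if __name__ == "__main__":
    for dn, value, reasons in audit(SAMPLE_LDIF):
        print(f"{dn}: {value!r} -> {', '.join(reasons) or 'no obvious reason'}")
```

A value flagged for a leading or trailing space is a different string from the bare account name, which is worth checking before comparing it with what NSS tools return.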
