
Re: user removed from ldap group but Linux groups command still shows user as member of the group



On 02/24/17 08:55 -0500, Bernard Fay wrote:
> I removed a user from an LDAP group about a week ago. Today, this user
> still shows as member of the group with the Linux command groups. Also, the
> group (Administrators) appears twice in the output of the command id:
> uid=10000(username) gid=10000(Administrators)
> groups=10001(users),10005(devel),10011(video),10015(ansible),10000(Administrators)
>
> The command getent though shows the proper group assignation:
> getent group | grep username | cut -d: -f1
> users
> devel
> video
> ansible
>
> All of those groups are LDAP groups.

Is this from a long running shell? If so, start a new shell or
run newgrp.

Otherwise, verify that it is not cached (such as with nscd), and
troubleshoot as an nss ldap problem.

--
Dan White
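
An added diagnostic sketch for the checks discussed in this thread (not code from either poster): it separates the three places a removed group can still come from, namely the primary gid in the passwd entry (the `gid=10000(Administrators)` field in the quoted `id` output), the credentials of a session started before the change, and what NSS returns now. The function names are hypothetical; `getent`, `id` and `cut` are the standard tools.

```shell
#!/bin/sh
# Added example: why does a group still show up after the user was removed
# from its member list? Function names are hypothetical.

# Print the gids that are in the first list but not in the second
# (both lists are space separated, as printed by `id -G`).
stale_gids() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                 # still returned by NSS
            *) printf '%s\n' "$g" ;;     # held by the session only
        esac
    done
}

# Primary gid is field 4 of a passwd-format line. It does not depend on
# the group's member list, so editing that list never removes it.
primary_gid() {
    printf '%s\n' "$1" | cut -d: -f4
}

# Report for one user from live NSS data.
check_user() {
    user=$1
    pw=$(getent passwd "$user") || { echo "no passwd entry for $user" >&2; return 1; }
    pgid=$(primary_gid "$pw")
    echo "primary gid (passwd entry): $pgid ($(getent group "$pgid" | cut -d: -f1))"
    nss=$(id -G "$user")     # fresh lookup by name; a cache such as nscd may still answer
    echo "NSS returns now:            $nss"
    if [ "$user" = "$(id -un)" ]; then
        session=$(id -G)     # credentials fixed when this session started
        stale=$(stale_gids "$session" "$nss")
        if [ -n "$stale" ]; then
            echo "held only by this session:  $stale (start a new login session)"
        fi
    fi
}

# Usage: sh check_groups.sh username
if [ $# -gt 0 ]; then check_user "$1"; fi
```

If the group is still in the "NSS returns now" line and is not the primary gid, the stale answer is coming from a cache or from the directory itself; with nscd, `nscd -i group` invalidates the cached group table.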