Juan Asensio Sánchez wrote:
2010/5/3 Rich Megginson <rmeggins(a)redhat.com>
Juan Asensio Sánchez wrote:
> Hi
>
> 2010/5/3 Rich Megginson <rmeggins(a)redhat.com>
>
> > We are having trouble since we have updated from version 1.1.3 to
> > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients into LDAP.
> > When we try to make "getent group", we only get one group and its
> > members, but not the rest of the groups (should be more than 1000
> > groups).
> What platform? 32-bit or 64-bit?
> How many groups? Do you only get this error when you attempt a search
> to return this many groups?
>
>
> "getent group" should return the local groups (that are shown fine) and
> about 729 LDAP groups.
How many groups total? Roughly how many members? I'm trying to get
some idea about how many entries and how many bytes should be returned.
> If I do the same search with the command ldapsearch,
ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ?
I run these queries:
Total groups:
# ldapsearch -H ldaps://XXXXXXX -x -LLL \
    -b "ou=Groups,o=XXXXXXX,dc=XXXXXXX,XXXXXXX=es" \
    -D "cn=Application Manager,cn=config" -w XXXXXXX \
    "(&(objectClass=posixGroup))" cn userPassword memberUid uniqueMember gidNumber \
    | grep -E "^dn:" | wc -l
729
Total members:
# ldapsearch -H ldaps://XXXXXXX -x -LLL \
    -b "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" \
    -D "cn=Application Manager,cn=config" -w XXXXXXX \
    "(&(objectClass=posixGroup))" cn userPassword memberUid uniqueMember gidNumber \
    | grep -E -i "^uniquemember:" | wc -l
23348
Total unique members:
# ldapsearch -H ldaps://XXXXXXX -x -LLL \
    -b "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" \
    -D "cn=Application Manager,cn=config" -w XXXXXXX \
    "(&(objectClass=posixGroup))" cn userPassword memberUid uniqueMember gidNumber \
    | grep -E -i "^uniquemember:" | sort | uniq | wc -l
9365
So it appears that using ldapsearch with ldaps returns the correct
information, it's just that getent does not? Both ldapsearch and getent
go through the same ldap + openssl libraries, both bind as "application
manager", it's mostly the same code path, so I'm not sure why getent
would behave differently. I'm assuming you don't see the same incorrect
Message Authentication Code error when you use ldapsearch.
Please file a bug -
https://bugzilla.redhat.com/enter_bug.cgi?product=389