Hello, we run several 389 Directory Servers with master-slave replication.
To support our old Solaris environment we use "https://fedorahosted.org/slapi-nis/" for NIS: I use slapi-nis 0.26 from the Fedora repository (src rpm) and compiled it for RH5. Solaris and other types of machines are running well. "id user" and "groups user" are working. But with the command "ypcat groups" I get doubled user entries for each group.
When I have a group, for example group "test1" with users "user1 user2", I get with ypcat group | grep test1:

test1: user1 user2 user1 user2

When I execute the command: id user1 I get test1 only once.
In our dse.ldif I have following entries for group.byname:

dn: nis-domain=xxxx+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: xxxx
nis-map: group.byname
nis-base: ou=Groups, dc=yyyyy, dc=com

and group.gid

dn: nis-domain=xxxx+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: xxxx
nis-map: group.bygid
nis-base: ou=Groups, dc=yyyyy, dc=com

With LDAP I get:

[root@NIS2LDAP ~]# ldapsearch -x -h localhost -s base -b "cn=test1,ou=groups,dc=yyyyy,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=test1,ou=groups,dc=yyyyy,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# test1, Groups, yyyyy.com
dn: cn=test1,ou=Groups,dc=yyyyy,dc=com
objectClass: posixGroup
objectClass: top
objectClass: groupOfUniqueNames
cn: tiger
gidNumber: 484
memberUid: user1
memberUid: user2
uniqueMember: uid=user1,ou=People,dc=yyyyy,dc=com
uniqueMember: uid=user2,ou=People,dc=yyyyy,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Is memberUid / uniqueMember a problem ?
thanks, br cnu
On Mon, Oct 24, 2011 at 06:56:27PM +0200, account@cnu.at99.at wrote:
> Hello, we run several 389 Directory Servers with master-slave replication.
> To support our old Solaris environment we use "https://fedorahosted.org/slapi-nis/" for NIS: I use slapi-nis 0.26 from the Fedora repository (src rpm) and compiled it for RH5. Solaris and other types of machines are running well. "id user" and "groups user" are working. But with the command "ypcat groups" I get doubled user entries for each group.
> When I have a group, for example group "test1" with users "user1 user2", I get with ypcat group | grep test1:
>
> test1: user1 user2 user1 user2

That looks to be formatted very oddly. Hopefully you munged it that way, but it's hard to tell.

> When I execute the command: id user1 I get test1 only once.
> In our dse.ldif I have following entries for group.byname:
>
> dn: nis-domain=xxxx+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: xxxx
> nis-map: group.byname
> nis-base: ou=Groups, dc=yyyyy, dc=com
>
> and group.gid
>
> dn: nis-domain=xxxx+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=config
> objectClass: extensibleObject
> objectClass: top
> nis-domain: xxxx
> nis-map: group.bygid
> nis-base: ou=Groups, dc=yyyyy, dc=com
>
> With LDAP I get:
>
> [root@NIS2LDAP ~]# ldapsearch -x -h localhost -s base -b "cn=test1,ou=groups,dc=yyyyy,dc=com"
> # extended LDIF
> #
> # LDAPv3
> # base <cn=test1,ou=groups,dc=yyyyy,dc=com> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # test1, Groups, yyyyy.com
> dn: cn=test1,ou=Groups,dc=yyyyy,dc=com
> objectClass: posixGroup
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: tiger
> gidNumber: 484
> memberUid: user1
> memberUid: user2
> uniqueMember: uid=user1,ou=People,dc=yyyyy,dc=com
> uniqueMember: uid=user2,ou=People,dc=yyyyy,dc=com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> Is memberUid / uniqueMember a problem ?

It shouldn't be breaking anything, but it appears that you're getting both the group's "memberUid" values and the "uid" values from its "uniqueMember" values, all showing up in the group entries.
The NIS server plugin should probably offer a way to prune out duplicate values, and possibly do so by default in places like lists of group members. (The Schema Compatibility plugin already does this because the APIs that Directory Server provides do this for it automatically.)
Cheers,
Nalin
389-users@lists.fedoraproject.org
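
The duplication described in the reply above, modelled as an added example (not slapi-nis code and not from either poster): a group entry carrying both memberUid and uniqueMember yields each user twice unless the merged list is pruned. The entry values are constructed from the thread, and the function names, the "*" password field and the comma-separated group(5) line format are assumptions of this sketch.

```python
# Added illustration, not slapi-nis code. ENTRY is constructed from the thread's
# sample group; the "*" password field is a placeholder.
ENTRY = {
    "cn": ["test1"],
    "gidNumber": ["484"],
    "memberUid": ["user1", "user2"],
    "uniqueMember": [
        "uid=user1,ou=People,dc=yyyyy,dc=com",
        "uid=user2,ou=People,dc=yyyyy,dc=com",
    ],
}

def uid_from_dn(dn):
    """uid value of the leading RDN, or None (no escaped commas handled)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" and value else None

def collect_members(entry):
    """Merge memberUid values with uids taken from uniqueMember DNs."""
    members = list(entry.get("memberUid", []))
    for dn in entry.get("uniqueMember", []):
        uid = uid_from_dn(dn)
        if uid:
            members.append(uid)
    return members

def group_line(entry, dedupe):
    """Build a group(5)-style line, optionally pruning repeated members."""
    members = collect_members(entry)
    if dedupe:
        members = list(dict.fromkeys(members))  # keeps first-seen order
    return "%s:*:%s:%s" % (entry["cn"][0], entry["gidNumber"][0], ",".join(members))

def duplicated_groups(lines):
    """Names of groups in group-map output whose member field repeats a user."""
    bad = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        members = [m for m in fields[3].split(",") if m]
        if len(members) != len(set(members)):
            bad.append(fields[0])
    return bad

if __name__ == "__main__":
    print(group_line(ENTRY, dedupe=False))
    print(group_line(ENTRY, dedupe=True))
```

duplicated_groups can be fed the lines of a saved group map dump to list every group affected, not only the one being grepped for.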