3:06 p.m.
Hi,
I've searched hi and low and found a couple references to the problem I
have but no solutions.
If I issue 'getent passwd' I can see all the ldap users, if I issue a
getent group I cannot see any of the ldap groups. When I log into one of
my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
ldap group).
What would cause this issue? I've been beating my head against it for a
couple days and decided to turn to the experts.
Thanks,
Paul
3:11 p.m.
Paul,
You probably need to assign a gidnumber (posixgroup attribute) to your
primary ldap group. I've noticed that linux boxes only recognize group
memberships for groups that have gid's.
Aaron
Paul Fontenot wrote:
Hi,
I've searched hi and low and found a couple references to the problem I
have but no solutions.
If I issue 'getent passwd' I can see all the ldap users, if I issue a
getent group I cannot see any of the ldap groups. When I log into one of
my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
ldap group).
What would cause this issue? I've been beating my head against it for a
couple days and decided to turn to the experts.
Thanks,
Paul
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Aaron Bliss
Systems Administrator
SUNY Brockport
(585) 395-2417
3:21 p.m.
Thanks Aaron,
That's what has me stumped, the GID is there (that's the 500). I guess
what has me confused is I can't figure out how to tie that number to a
group and have it show in the getent group query.
-Paul
On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
Paul,
You probably need to assign a gidnumber (posixgroup attribute) to your
primary ldap group. I've noticed that linux boxes only recognize group
memberships for groups that have gid's.
Aaron
Paul Fontenot wrote:
> Hi,
>
> I've searched hi and low and found a couple references to the problem I
> have but no solutions.
>
> If I issue 'getent passwd' I can see all the ldap users, if I issue a
> getent group I cannot see any of the ldap groups. When I log into one of
> my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
> ldap group).
>
> What would cause this issue? I've been beating my head against it for a
> couple days and decided to turn to the experts.
>
> Thanks,
>
> Paul
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
3:40 p.m.
I'm *assuming* you mean somewhere other than here (in the attached png
file). When I go to create the group and attempt to add the posixgroup
object class I do not see that option anywhere - lots of other things
though. I will go back to hunting the information on the fedora site as
well.
Thanks for the help,
-Paul
On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
Paul,
You have to create a group in ldap, then add the posixgroup object
class. If you do this thru the admin console, you will then see a
text box appear called gidnumber. In that box enter whatever gid you
wish to use.
Aaron
Paul Fontenot wrote:
> Thanks Aaron,
>
> That's what has me stumped, the GID is there (that's the 500). I guess
> what has me confused is I can't figure out how to tie that number to a
> group and have it show in the getent group query.
>
> -Paul
>
> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
>
> > Paul,
> > You probably need to assign a gidnumber (posixgroup attribute) to your
> > primary ldap group. I've noticed that linux boxes only recognize group
> > memberships for groups that have gid's.
> >
> > Aaron
> >
> > Paul Fontenot wrote:
> >
> > > Hi,
> > >
> > > I've searched hi and low and found a couple references to the problem
I
> > > have but no solutions.
> > >
> > > If I issue 'getent passwd' I can see all the ldap users, if I
issue a
> > > getent group I cannot see any of the ldap groups. When I log into one of
> > > my linux boxes I get 'id: cannot find name for group ID 500' (500
is an
> > > ldap group).
> > >
> > > What would cause this issue? I've been beating my head against it for
a
> > > couple days and decided to turn to the experts.
> > >
> > > Thanks,
> > >
> > > Paul
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > >
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
Aaron Bliss
Systems Administrator
SUNY Brockport
(585) 395-2417
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
3:41 p.m.
Make sure you've added the objectclass 'posixgroup' to the ldap group.
Also, you might also have to add the objectclass shadowAccount in case
of AIX (forget which version).
-Satish.
Paul Fontenot wrote:
Hi,
I've searched hi and low and found a couple references to the problem I
have but no solutions.
If I issue 'getent passwd' I can see all the ldap users, if I issue a
getent group I cannot see any of the ldap groups. When I log into one of
my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
ldap group).
What would cause this issue? I've been beating my head against it for a
couple days and decided to turn to the experts.
Thanks,
Paul
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
3:44 p.m.
Paul,
Go to the group entry. Right click and select 'Advanced properties'.
Click on objectclass and click 'Add Value'. It should like all
objectclasses you can add.
-Satish.
Paul Fontenot wrote:
I'm *assuming* you mean somewhere other than here (in the
attached png
file). When I go to create the group and attempt to add the posixgroup
object class I do not see that option anywhere - lots of other things
though. I will go back to hunting the information on the fedora site as
well.
Thanks for the help,
-Paul
On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
> Paul,
> You have to create a group in ldap, then add the posixgroup object
> class. If you do this thru the admin console, you will then see a
> text box appear called gidnumber. In that box enter whatever gid you
> wish to use.
>
> Aaron
>
> Paul Fontenot wrote:
>> Thanks Aaron,
>>
>> That's what has me stumped, the GID is there (that's the 500). I guess
>> what has me confused is I can't figure out how to tie that number to a
>> group and have it show in the getent group query.
>>
>> -Paul
>>
>> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
>>
>>> Paul,
>>> You probably need to assign a gidnumber (posixgroup attribute) to your
>>> primary ldap group. I've noticed that linux boxes only recognize group
>>> memberships for groups that have gid's.
>>>
>>> Aaron
>>>
>>> Paul Fontenot wrote:
>>>
>>>> Hi,
>>>>
>>>> I've searched hi and low and found a couple references to the problem
I
>>>> have but no solutions.
>>>>
>>>> If I issue 'getent passwd' I can see all the ldap users, if I
issue a
>>>> getent group I cannot see any of the ldap groups. When I log into one of
>>>> my linux boxes I get 'id: cannot find name for group ID 500' (500
is an
>>>> ldap group).
>>>>
>>>> What would cause this issue? I've been beating my head against it for
a
>>>> couple days and decided to turn to the experts.
>>>>
>>>> Thanks,
>>>>
>>>> Paul
>>>>
>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users(a)redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
> --
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
4:06 p.m.
Thanks Satish,
I have added all this (including the shadowAccount attribute). getent
passwd / shadow work correctly but group still does not. I'm off to find
documentation...
Thanks,
-Paul
On Wed, 2008-01-02 at 16:44 -0500, Satish Chetty wrote:
Paul,
Go to the group entry. Right click and select 'Advanced properties'.
Click on objectclass and click 'Add Value'. It should like all
objectclasses you can add.
-Satish.
Paul Fontenot wrote:
> I'm *assuming* you mean somewhere other than here (in the attached png
> file). When I go to create the group and attempt to add the posixgroup
> object class I do not see that option anywhere - lots of other things
> though. I will go back to hunting the information on the fedora site as
> well.
>
> Thanks for the help,
>
> -Paul
>
> On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
>> Paul,
>> You have to create a group in ldap, then add the posixgroup object
>> class. If you do this thru the admin console, you will then see a
>> text box appear called gidnumber. In that box enter whatever gid you
>> wish to use.
>>
>> Aaron
>>
>> Paul Fontenot wrote:
>>> Thanks Aaron,
>>>
>>> That's what has me stumped, the GID is there (that's the 500). I
guess
>>> what has me confused is I can't figure out how to tie that number to a
>>> group and have it show in the getent group query.
>>>
>>> -Paul
>>>
>>> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
>>>
>>>> Paul,
>>>> You probably need to assign a gidnumber (posixgroup attribute) to your
>>>> primary ldap group. I've noticed that linux boxes only recognize
group
>>>> memberships for groups that have gid's.
>>>>
>>>> Aaron
>>>>
>>>> Paul Fontenot wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've searched hi and low and found a couple references to the
problem I
>>>>> have but no solutions.
>>>>>
>>>>> If I issue 'getent passwd' I can see all the ldap users, if
I issue a
>>>>> getent group I cannot see any of the ldap groups. When I log into
one of
>>>>> my linux boxes I get 'id: cannot find name for group ID 500'
(500 is an
>>>>> ldap group).
>>>>>
>>>>> What would cause this issue? I've been beating my head against
it for a
>>>>> couple days and decided to turn to the experts.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users(a)redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>> --
>> Aaron Bliss
>> Systems Administrator
>> SUNY Brockport
>> (585) 395-2417
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>> ------------------------------------------------------------------------
>>
>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
4:11 p.m.
Paul,
You can do few things to debug...
* Check the server log to see what happens...
* Do the same with ldapsearch and see if you get results. Ex. ldapsearch
-h myhost -p 389 -b "dc=example, dc=com" "objectclass=posixgroup"
etc...
* Check /etc/nsswitch.conf to make sure the 'ldap' is included in the
search order (if you use authconfig on Linux it will set it for you).
-Satish.
Paul Fontenot wrote:
Thanks Satish,
I have added all this (including the shadowAccount attribute). getent
passwd / shadow work correctly but group still does not. I'm off to find
documentation...
Thanks,
-Paul
On Wed, 2008-01-02 at 16:44 -0500, Satish Chetty wrote:
> Paul,
> Go to the group entry. Right click and select 'Advanced properties'.
> Click on objectclass and click 'Add Value'. It should like all
> objectclasses you can add.
>
> -Satish.
>
> Paul Fontenot wrote:
>> I'm *assuming* you mean somewhere other than here (in the attached png
>> file). When I go to create the group and attempt to add the posixgroup
>> object class I do not see that option anywhere - lots of other things
>> though. I will go back to hunting the information on the fedora site as
>> well.
>>
>> Thanks for the help,
>>
>> -Paul
>>
>> On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
>>> Paul,
>>> You have to create a group in ldap, then add the posixgroup object
>>> class. If you do this thru the admin console, you will then see a
>>> text box appear called gidnumber. In that box enter whatever gid you
>>> wish to use.
>>>
>>> Aaron
>>>
>>> Paul Fontenot wrote:
>>>> Thanks Aaron,
>>>>
>>>> That's what has me stumped, the GID is there (that's the 500). I
guess
>>>> what has me confused is I can't figure out how to tie that number to
a
>>>> group and have it show in the getent group query.
>>>>
>>>> -Paul
>>>>
>>>> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
>>>>
>>>>> Paul,
>>>>> You probably need to assign a gidnumber (posixgroup attribute) to
your
>>>>> primary ldap group. I've noticed that linux boxes only recognize
group
>>>>> memberships for groups that have gid's.
>>>>>
>>>>> Aaron
>>>>>
>>>>> Paul Fontenot wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've searched hi and low and found a couple references to the
problem I
>>>>>> have but no solutions.
>>>>>>
>>>>>> If I issue 'getent passwd' I can see all the ldap users,
if I issue a
>>>>>> getent group I cannot see any of the ldap groups. When I log into
one of
>>>>>> my linux boxes I get 'id: cannot find name for group ID
500' (500 is an
>>>>>> ldap group).
>>>>>>
>>>>>> What would cause this issue? I've been beating my head
against it for a
>>>>>> couple days and decided to turn to the experts.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Fedora-directory-users mailing list
>>>>>> Fedora-directory-users(a)redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users(a)redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>> --
>>> Aaron Bliss
>>> Systems Administrator
>>> SUNY Brockport
>>> (585) 395-2417
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
4:31 p.m.
ldapsearch appears to be fine:
[root@ldap bin]# ./ldapsearch -b "dc=fontenotshome,dc=org"
"objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
[root@ldap bin]#
and the logs don't show any errors. Does this thing do caching and if so
how can itbe cleared, reset, etc...
On Wed, 2008-01-02 at 17:11 -0500, Satish Chetty wrote:
Paul,
You can do few things to debug...
* Check the server log to see what happens...
* Do the same with ldapsearch and see if you get results. Ex. ldapsearch
-h myhost -p 389 -b "dc=example, dc=com" "objectclass=posixgroup"
etc...
* Check /etc/nsswitch.conf to make sure the 'ldap' is included in the
search order (if you use authconfig on Linux it will set it for you).
-Satish.
Paul Fontenot wrote:
> Thanks Satish,
>
> I have added all this (including the shadowAccount attribute). getent
> passwd / shadow work correctly but group still does not. I'm off to find
> documentation...
>
> Thanks,
>
> -Paul
>
> On Wed, 2008-01-02 at 16:44 -0500, Satish Chetty wrote:
>> Paul,
>> Go to the group entry. Right click and select 'Advanced properties'.
>> Click on objectclass and click 'Add Value'. It should like all
>> objectclasses you can add.
>>
>> -Satish.
>>
>> Paul Fontenot wrote:
>>> I'm *assuming* you mean somewhere other than here (in the attached png
>>> file). When I go to create the group and attempt to add the posixgroup
>>> object class I do not see that option anywhere - lots of other things
>>> though. I will go back to hunting the information on the fedora site as
>>> well.
>>>
>>> Thanks for the help,
>>>
>>> -Paul
>>>
>>> On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
>>>> Paul,
>>>> You have to create a group in ldap, then add the posixgroup object
>>>> class. If you do this thru the admin console, you will then see a
>>>> text box appear called gidnumber. In that box enter whatever gid you
>>>> wish to use.
>>>>
>>>> Aaron
>>>>
>>>> Paul Fontenot wrote:
>>>>> Thanks Aaron,
>>>>>
>>>>> That's what has me stumped, the GID is there (that's the
500). I guess
>>>>> what has me confused is I can't figure out how to tie that
number to a
>>>>> group and have it show in the getent group query.
>>>>>
>>>>> -Paul
>>>>>
>>>>> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
>>>>>
>>>>>> Paul,
>>>>>> You probably need to assign a gidnumber (posixgroup attribute)
to your
>>>>>> primary ldap group. I've noticed that linux boxes only
recognize group
>>>>>> memberships for groups that have gid's.
>>>>>>
>>>>>> Aaron
>>>>>>
>>>>>> Paul Fontenot wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I've searched hi and low and found a couple references
to the problem I
>>>>>>> have but no solutions.
>>>>>>>
>>>>>>> If I issue 'getent passwd' I can see all the ldap
users, if I issue a
>>>>>>> getent group I cannot see any of the ldap groups. When I log
into one of
>>>>>>> my linux boxes I get 'id: cannot find name for group ID
500' (500 is an
>>>>>>> ldap group).
>>>>>>>
>>>>>>> What would cause this issue? I've been beating my head
against it for a
>>>>>>> couple days and decided to turn to the experts.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Fedora-directory-users mailing list
>>>>>>> Fedora-directory-users(a)redhat.com
>>>>>>>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>
>>>>>>>
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users(a)redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>> --
>>>> Aaron Bliss
>>>> Systems Administrator
>>>> SUNY Brockport
>>>> (585) 395-2417
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users(a)redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
------------------------------------------------------------------------
>>>>
>>>>
>>>>
------------------------------------------------------------------------
>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users(a)redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
4:54 p.m.
Hi Paul!
On Wed, 02 Jan 2008, Paul Fontenot wrote:
ldapsearch appears to be fine:
[root@ldap bin]# ./ldapsearch -b "dc=fontenotshome,dc=org"
"objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
[root@ldap bin]#
and the logs don't show any errors. Does this thing do caching and if so
how can itbe cleared, reset, etc...
For Posix groups, most systems expect you to use "memberUid" rather
than "uniqueMember" to specify group members, and to include uid names
rather than DNs.
5:44 p.m.
Thanks Patrick,
After some changes... I think I shall go and eat and come back later.
Thanks for all the help :)
For Posix groups, most systems expect you to use
"memberUid" rather
than "uniqueMember" to specify group members, and to include uid names
rather than DNs.
I now have this:
[fontenwp@ldap bin]$ ./ldapsearch -b "dc=fontenotshome,dc=org"
"objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
memberUid: fontenwp
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
memberUid: fontenwp
[fontenwp@ldap bin]$
I still have this:
[fontenwp@ldap bin]$ id
uid=500(fontenwp) gid=500 groups=500
[fontenwp@ldap bin]$
and the error
"id: cannot find name for group ID 500"
--------------------------------------------------------------
16:44:17 up 2:00, 1 user, load average: 0.11, 0.05, 0.01
6:33 p.m.
All,
Boy howdy I feel like an idiot, I do appreciate all the helpful tips
and hints though. Here was my problem in the hopes this helps someone
else :)
In the /etc/ldap.conf on my client I fould the following...
nss_base_group ou=Group,dc=fontenotshome,dc=org <-- * the culprit
Should have been:
nss_base_group ou=Groups,dc=fontenotshome,dc=org
Thanks again,
-Paul
On Wed, 2008-01-02 at 14:06 -0700, Paul Fontenot wrote:
Hi,
I've searched hi and low and found a couple references to the problem I
have but no solutions.
If I issue 'getent passwd' I can see all the ldap users, if I issue a
getent group I cannot see any of the ldap groups. When I log into one of
my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
ldap group).
What would cause this issue? I've been beating my head against it for a
couple days and decided to turn to the experts.
Thanks,
Paul
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
10:43 a.m.
hello,
First: sorry for my bad english.
Your user must have a 'gidnumber' entry (from 'posixaccount' objectclass),
this
is the user's gid. Not require to write this username in the memberuid entry. If
the group not the primary group of the user, require to write in the memberuid
entry the username.
ok, i know this is not too understandable.
example:
uid=500(fontenwp) gid=500(linuxusers) groups=750(linuxadmins),500(linuxusers)
entrys: (only the important things)
user:
dn: cn=fontenwp, ou=People, dc=fontenotshome,dc=org
objectclass: posixAccount
gidNumber: 500
groups:
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
gidNumber: 500
memberUid: fontenwp <-- these not required
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
gidNumber: 750
memberUid: fontenwp <-- this required
and offcourse configure correct nsswitch & pam.
the default group ou in the nsswitch-ldap conf is the: ou=Group but, as i can
see, You use the ou=Group_s_. check this.
I hope this help you.
KeeF
Paul Fontenot wrote:
I now have this:
[fontenwp@ldap bin]$ ./ldapsearch -b "dc=fontenotshome,dc=org"
"objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
memberUid: fontenwp
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
memberUid: fontenwp
[fontenwp@ldap bin]$
I still have this:
[fontenwp@ldap bin]$ id
uid=500(fontenwp) gid=500 groups=500
[fontenwp@ldap bin]$
and the error
"id: cannot find name for group ID 500"
--------------------------------------------------------------
16:44:17 up 2:00, 1 user, load average: 0.11, 0.05, 0.01
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
5956
days inactive
5957
days old
389-users@lists.fedoraproject.org
13 comments
5 participants
participants (5)
-
Aaron Bliss -
Morris, Patrick -
Paul Fontenot -
Satish Chetty -
Tamas Bagyal