[389-users] posix authentication - missing groups

Marco Strullato marco.strullato at gmail.com
Fri Apr 2 15:04:20 UTC 2010


What you suggest solved my problem!
memberuid mustn't be the uid number but the username!

Thank you very much!

Marco


2010/4/2 Renato Ribeiro da Silva <capareci at uol.com.br>:
>
> In the memberuid attribute you need to put the uid not the uidnumber.  In
> the memberuid attribute replace 496 by user and try again.
>
>
>
> Regards,
>
> Renato.
>
> On 02/04/2010 11:53, Marco Strullato <marco.strullato at gmail.com> wrote:
> I use the memberuid attribute: to be as clear as possible I'll paste
> here the ldif.
> I hope it will be useful.
>
> This is the ldif of the user
>
> # entry-id: 709
> dn: uid=user,ou=ssh,c=it,o=organisation
> modifyTimestamp: 20100331104156Z
> modifiersName: cn=directory manager
> gidNumber: 601
> uidNumber: 496
> cn: user
> passwordGraceUserTime: 0
> userPassword: {SHA}TytvRdv..
> sshPublicKey: ssh-rsa AAAAB3NzaC1yc2..
> gecos: user
> homeDirectory: /home/user
> host: server_hostname
> loginShell: /bin/bash
> objectClass: top
> objectClass: posixaccount
> objectClass: shadowaccount
> objectClass: hostobject
> objectClass: account
> objectClass: sudorole
> objectClass: ldappublickey
> sudoCommand:
> sudoHost:
> sudoOption:
> sudoRunAs:
> sudoUser:
> uid: user
> creatorsName: cn=directory manager
> createTimestamp: 20100316092928Z
> nsUniqueId: 51f09b01-1dd2..
>
>
>
> These are the ldifs of the groups:
>
> # entry-id: 742
> dn: cn=group2, ou=ssh, c=it, o=organisation
> modifyTimestamp: 20100331134146Z
> modifiersName: cn=directory manager
> memberUid: 496
> memberUid: 494
> gidNumber: 600
> objectClass: top
> objectClass: posixgroup
> cn: group2
> creatorsName: cn=directory manager
> createTimestamp: 20100331083223Z
> nsUniqueId: e55dca81-1dd11..
>
>
>
> # entry-id: 743
> dn: cn=group1,ou=ssh, c=it, o=organisation
> gidNumber: 601
> objectClass: top
> objectClass: posixgroup
> cn: group1
> creatorsName: cn=directory manager
> modifiersName: cn=directory manager
> createTimestamp: 20100331083429Z
> modifyTimestamp: 20100331083429Z
> nsUniqueId: 2ce45681-1dd2..
>
> 2010/4/2 Renato Ribeiro da Silva :
>> Are you using the memberuid or the uniquemember attribute in the ldap? What
>> are the values?
>>
>>
>>
>> Renato
>>
>> On 02/04/2010 11:38, Marco Strullato <marco.strullato at gmail.com> wrote:
>> Thanks for the answer but I already disabled nscd...
>>
>> Marco
>>
>> 2010/4/2 Renato Ribeiro da Silva :
>>> Marco,
>>>
>>> Try to stop the nscd service. Sometimes it gives you the wrong
>>> information.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Renato
>>>
>>>
>>>
>>>
>>>
>>> On 02/04/2010 07:27, Marco Strullato <marco.strullato at gmail.com> wrote:
>>> Hi all,
>>> I'm using fedora ds as authentication server for my network. I've
>>> configured the environment so that linux gets users and groups
>>> information from the ldap.
>>> The problem is that I'm getting incomplete information! groups
>>> definitions are missing.
>>>
>>> I'll give you an example: a user has a uid, a primary gid and
>>> secondary gids. I'm not getting secondary gids.
>>>
>>> I would like "user" to be member of "group1" and "group2". If I ask
>>> the ldap with getent I get this information:
>>>
>>> getent passwd user
>>> user:x:496:601:user:/home/user:/bin/bash
>>>
>>> getent group group1
>>> group1:*:601:
>>>
>>> getent group group2
>>> group2:*:600:496,494
>>>
>>> as you can see user has id 496 and gid 601. user is member also of
>>> group2 ( gid 600)
>>>
>>> But if I query the system about the "user" , I get:
>>>
>>> id user
>>> uid=496(user) gid=601(group1) groups=601(group1)
>>>
>>>
>>> Have you ever seen this behaviour? Have you got suggestions?
>>>
>>>
>>> Regards,
>>>
>>> Marco
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>
>>
>>
>> --
>> Marco Strullato
>> cell: +393288462393
>> skype: marco.strullato
>>
>
>
>
> --
> Marco Strullato
> cell: +393288462393
> skype: marco.strullato
>



-- 
Marco Strullato
cell: +393288462393
skype: marco.strullato


