LDAP, Solaris8 client, non-standard group attribute in db

From: Rob Windsor (windsor@warthog.com)
Date: Tue Nov 16 2004 - 17:24:06 EST


LDAP Server is Sun DS 5.2 (if that makes much difference)
Client is Solaris-8 with latest patch cluster

I think the following output pretty much sums up the problem:

> : (r) sol8box:/var/ldap; cat ldap_client_file
> #
> # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
> #
> NS_LDAP_FILE_VERSION= 1.0
> NS_LDAP_SERVERS= 1.2.3.4:389
> NS_LDAP_SEARCH_BASEDN= o=employees,dc=mycompany,dc=com
> NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
> NS_LDAP_SEARCH_REF= NS_LDAP_FOLLOWREF
> NS_LDAP_DOMAIN= mycompany.com
> NS_LDAP_SEARCH_DN= passwd:(ou=People,o=employees,dc=mycompany,dc=com)
> NS_LDAP_SEARCH_DN= shadow:(ou=People,o=employees,dc=mycompany,dc=com)
> NS_LDAP_SEARCH_DN= group:(ou=Groups,o=employees,dc=mycompany,dc=com)
> NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_CACHETTL= 3600
> NS_LDAP_BIND_TIME= 30

(note "ou=Groups" instead of "ou=Group")

> : (r) sol8box:/var/ldap; grep ldap /etc/nsswitch.conf
> passwd: files ldap [TRYAGAIN=5]
> group: files ldap [TRYAGAIN=5]

> : (r) sol8box:/var/ldap; ldaplist -l group system
> dn: cn=system,ou=Groups,o=employees,dc=mycompany,dc=com
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> gidNumber: 340
> uniqueMember: uid=persona,ou=People,o=employees,dc=mycompany,dc=com
> uniqueMember: uid=personb,ou=People,o=employees,dc=mycompany,dc=com
> uniqueMember: uid=personc,ou=People,o=employees,dc=mycompany,dc=com
> uniqueMember: uid=persond,ou=People,o=employees,dc=mycompany,dc=com
> cn: system

> : (r) sol8box:/var/ldap; groups persona
> fw

> : (r) sol8box:/var/ldap; ldaplist -l passwd persona | egrep gidNumber
> gidNumber: 80

> : (r) sol8box:/var/ldap; ldaplist -l group fw | egrep gidNumber
> gidNumber: 80

> : (r) sol8box:/var/ldap; egrep persona /etc/passwd /etc/group
> : (r) sol8box:/var/ldap;

To sum it up, users are not being listed as members of groups specified
in the "group" database. "persona" should be in both "fw" (80) and
"system" (340) groups.

Rob++

-- 
Internet: windsor@warthog.com                             __o
Life: Rob@Carrollton.Texas.USA.Earth                    _`\<,_
                                                        (_)/ (_)
"They couldn't hit an elephant at this distance."
   -- Major General John Sedgwick
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
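The lookups shown in the post can be modelled in a few lines, which makes the symptom easier to reason about. The following is an added example, not code from the post or from Sun's ldap_client; it assumes (as RFC 2307 specifies for posixGroup) that the NSS client derives supplementary group membership only from the `memberUid` attribute and never from DN-valued `uniqueMember` entries, and its LDIF input is constructed to resemble the `ldaplist -l` output above. `groups_without_memberuid` is the check a defender would run to find groups that a memberUid-only client will silently treat as empty, and `uniquemember_to_memberuid` shows what the lookup returns once each `uniqueMember` DN is mirrored into a `memberUid` value.

```python
"""Model of RFC 2307-style NSS group resolution against LDIF records.

Assumption (not taken from the post): the client honours only memberUid
for supplementary groups and ignores DN-valued uniqueMember entries.
"""

# Constructed sample data, modelled on the ldaplist output in the post.
PASSWD_LDIF = """\
dn: uid=persona,ou=People,o=employees,dc=mycompany,dc=com
uid: persona
gidNumber: 80

dn: uid=personb,ou=People,o=employees,dc=mycompany,dc=com
uid: personb
gidNumber: 80
"""

GROUP_LDIF = """\
dn: cn=fw,ou=Groups,o=employees,dc=mycompany,dc=com
cn: fw
gidNumber: 80

dn: cn=system,ou=Groups,o=employees,dc=mycompany,dc=com
objectClass: groupofuniquenames
objectClass: posixgroup
cn: system
gidNumber: 340
uniqueMember: uid=persona,ou=People,o=employees,dc=mycompany,dc=com
uniqueMember: uid=personb,ou=People,o=employees,dc=mycompany,dc=com
"""


def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into a list of
    {attribute-name-lowercased: [values]} dicts, one per entry."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, val = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(val.strip())
    if cur:
        entries.append(cur)
    return entries


def groups_for(uid, passwd_entries, group_entries):
    """Emulate groups(1): the primary group comes from the user's gidNumber,
    supplementary groups from every group whose memberUid lists the uid."""
    user = next((e for e in passwd_entries if uid in e.get("uid", [])), None)
    if user is None:
        return []
    primary_gid = user["gidnumber"][0]
    result = []
    for g in group_entries:
        name = g["cn"][0]
        if g["gidnumber"][0] == primary_gid:
            result.insert(0, name)  # primary group is listed first
        elif uid in g.get("memberuid", []):
            result.append(name)
    return result


def groups_without_memberuid(group_entries):
    """Diagnostic: groups that carry only DN-valued uniqueMember values and
    therefore look empty to a memberUid-only client."""
    return [g["cn"][0] for g in group_entries
            if g.get("uniquemember") and not g.get("memberuid")]


def uniquemember_to_memberuid(group_entries):
    """Return copies of the groups with a memberUid derived from the uid=
    RDN of each uniqueMember DN, so the same lookup can be compared."""
    fixed = []
    for g in group_entries:
        g2 = {k: list(v) for k, v in g.items()}
        for dn in g.get("uniquemember", []):
            rdn = dn.split(",", 1)[0]
            if rdn.lower().startswith("uid="):
                g2.setdefault("memberuid", []).append(rdn[4:])
        fixed.append(g2)
    return fixed


if __name__ == "__main__":
    passwd = parse_ldif(PASSWD_LDIF)
    groups = parse_ldif(GROUP_LDIF)
    print("as stored:        ", groups_for("persona", passwd, groups))
    print("memberUid missing:", groups_without_memberuid(groups))
    print("with memberUid:   ", groups_for("persona", passwd,
                                           uniquemember_to_memberuid(groups)))
```

Run as-is, the model reproduces the post's observation: `persona` resolves to `fw` only, because `system` exposes its members solely through `uniqueMember`. The diagnostic lists `system` as the group the client cannot see, and the mirrored `memberUid` copy yields `fw` and `system`.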


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:43 EDT