 
11-02-2008, 01:48 PM
Ansgar Burchardt

LDAP and POSIX groups

Hi,

I'm having problems setting up LDAP with POSIX groups. I can see groups
and members with "getent group mygroup", but am not a member after
logging in.

To configure LDAP, I added

nss_base_group ou=Group,dc=example,dc=com?sub

to /etc/libnss-ldap.conf and pam_ldap.conf. This made the "getent"
command work. The LDAP entry for the group looks like this:

dn: cn=mygroup,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: mygroup
gidNumber: 1000
memberUid: ansgar

In online documentation, I also read about the object classes
groupOfNames and groupOfUniqueNames, but have no idea how to use them
(only posixGroup seems to have the gidNumber property and all three
classes are structural).

Regards,
Ansgar

--
PGP: 1024D/595FAD19 739E 2D09 0969 BEA9 9797 B055 DDB0 2FF7 595F AD19



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
11-03-2008, 01:19 PM
frank

LDAP and POSIX groups

On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote:
>
> I'm having problems setting up LDAP with POSIX groups. I can see groups
> and members with "getent group mygroup", but am not a member after
> logging in.
>
> To configure LDAP, I added
>
> nss_base_group ou=Group,dc=example,dc=com?sub
>
> to /etc/libnss-ldap.conf and pam_ldap.conf. This made the "getent"
> command work. The LDAP entry for the group looks like this:
>
> dn: cn=mygroup,ou=Group,dc=example,dc=com
> objectClass: top
> objectClass: posixGroup
> cn: mygroup
> gidNumber: 1000
> memberUid: ansgar
>
> In online documentation, I also read about the object classes
> groupOfNames and groupOfUniqueNames, but have no idea how to use them
> (only posixGroup seems to have the gidNumber property and all three
> classes are structural).

The ldap documentation is very rare. Have you modified your
nsswitch.conf?

Regards
Frank


 
11-03-2008, 04:46 PM
Ansgar Burchardt

LDAP and POSIX groups

Hi,

frank <frank@anotheria.net> writes:
> On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote:
>> I'm having problems setting up LDAP with POSIX groups. I can see groups
>> and members with "getent group mygroup", but am not a member after
>> logging in.

> The ldap documentation is very rare. Have you modified your
> nsswitch.conf?

Yes, it says
group: files ldap
right now. The getent program also works just fine (I think it uses the
functions provided by nsswitch).

Regards,
Ansgar

--
PGP: 1024D/595FAD19 739E 2D09 0969 BEA9 9797 B055 DDB0 2FF7 595F AD19


 
11-03-2008, 06:59 PM
Alex Samad

LDAP and POSIX groups

On Mon, Nov 03, 2008 at 03:19:11PM +0100, frank wrote:
> On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote:
> >
> > I'm having problems setting up LDAP with POSIX groups. I can see groups
> > and members with "getent group mygroup", but am not a member after
> > logging in.
> >
> > To configure LDAP, I added
> >
> > nss_base_group ou=Group,dc=example,dc=com?sub
> >
> > to /etc/libnss-ldap.conf and pam_ldap.conf. This made the "getent"
> > command work. The LDAP entry for the group looks like this:
> >
> > dn: cn=mygroup,ou=Group,dc=example,dc=com
> > objectClass: top
> > objectClass: posixGroup
> > cn: mygroup
> > gidNumber: 1000
> > memberUid: ansgar
> >
> > In online documentation, I also read about the object classes
> > groupOfNames and groupOfUniqueNames, but have no idea how to use them
> > (only posixGroup seems to have the gidNumber property and all three
> > classes are structural).
>
> The ldap documentation is very rare. Have you modified your
> nsswitch.conf?

could also be LDAP security, I found when I getent it would work but not
when I did an id

plus I started to use libnss-ldapd, found it a bit more stable

>
> Regards
> Frank
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
The sum of the Universe is zero.
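
The symptom discussed above (group visible with getent, missing after login) can be checked mechanically, because login sets supplementary groups through initgroups(3) while getent uses the ordinary group lookup functions. The following is an added example, not code from the thread; the primary GID 100, the `users` group and the sample outputs are constructed assumptions.

```python
import grp
import os
import pwd


def parse_getent_group(text):
    """Parse `getent group` lines (name:passwd:gid:members) into {gid: (name, members)}."""
    groups = {}
    for line in text.strip().splitlines():
        name, _passwd, gid, members = line.strip().split(":", 3)
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups


def enumerated_gids(user, primary_gid, groups):
    """GIDs the user should hold according to the group map (what getent shows)."""
    return {primary_gid} | {gid for gid, (_n, mem) in groups.items() if user in mem}


def missing_after_login(user, primary_gid, groups, session_gids):
    """Names of groups that list the user but are absent from the session's GIDs."""
    expected = enumerated_gids(user, primary_gid, groups)
    gone = expected - set(session_gids)
    return sorted(groups[g][0] if g in groups else str(g) for g in gone)


def check_live(user):
    """Same comparison against the running system's NSS configuration."""
    pw = pwd.getpwnam(user)
    # Group lookup path (getgrent), the side that `getent group` exercises.
    groups = {g.gr_gid: (g.gr_name, set(g.gr_mem)) for g in grp.getgrall()}
    # getgrouplist(3), the same resolution initgroups(3) performs at login.
    session = os.getgrouplist(user, pw.pw_gid)
    return missing_after_login(user, pw.pw_gid, groups, session)


# Constructed sample mirroring the thread: mygroup lists ansgar, `id -G` does not show it.
SAMPLE_GETENT = """
users:x:100:
mygroup:*:1000:ansgar
"""
SAMPLE_ID_G = "100"  # constructed `id -G ansgar` output: primary group only

if __name__ == "__main__":
    groups = parse_getent_group(SAMPLE_GETENT)
    session = [int(g) for g in SAMPLE_ID_G.split()]
    print(missing_after_login("ansgar", 100, groups, session))  # ['mygroup']
    print(check_live(pwd.getpwuid(os.getuid()).pw_name))
```

A non-empty result from `check_live` means file or service access controlled by those groups will be denied in real sessions even though directory queries look correct.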
 
11-04-2008, 06:13 PM
Ansgar Burchardt

LDAP and POSIX groups

Alex Samad <alex@samad.com.au> writes:
> plus I started to use libnss-ldapd, found it a bit more stable

I gave libnss-ldapd a try and it's now working fine without changes to
the configuration. Thanks.

Ansgar

--
PGP: 1024D/595FAD19 739E 2D09 0969 BEA9 9797 B055 DDB0 2FF7 595F AD19


 
