Is this something that will cause an issue with ACL/DIACAP restrictions?
I'm not sure if you know what those are, but correct me if I'm wrong.
Thanks.
On 1/14/13 10:44 AM, "Doug Tucker" <tuckerd(a)lyle.smu.edu> wrote:
It's not going to show you the ldap users only the local ones.
Sincerely,
Doug Tucker
On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
> The id <ldap-user-name> command works just fine. That is not where I
> am having the issue. The issue lies in the local Users and Groups
> list in the RHEL client.
>
> When I click through System->Administration->Users and Groups, the
> ldap-user-name is not showing up on that list. How do I get it to
> show up on that list? This is a concern to me because my bosses are
> questioning whether the ldap-user-name I created has proper ACL
> privileges and would meet DIACAP requirements.
>
> Thanks,
>
> Rohit
>
> From: Chandan Kumar <chandank.kumar(a)gmail.com>
> Reply-To: "General discussion list for the 389 Directory server
> project." <389-users(a)lists.fedoraproject.org>
> Date: Monday, January 7, 2013 1:43 PM
> To: "General discussion list for the 389 Directory server project."
> <389-users(a)lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If
> sssd is configured properly this command has to work. Moreover, while you
> execute this command watch /var/log/secure.log for any error messages.
>
> Also disable selinux/Firewall and test.
>
> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>
> I configured everything with SSSD as you suggested. I'm able to
> do successful logins authenticating against the LDAP server, but
> when I check the Users and Groups list on the client machine, that
> newly created user isn't added. Thoughts?
>
> Thanks.
>
> From: Chandan Kumar <chandank.kumar(a)gmail.com>
> Reply-To: "General discussion list for the 389 Directory server
> project." <389-users(a)lists.fedoraproject.org>
> Date: Monday, January 7, 2013 1:36 PM
> To: "General discussion list for the 389 Directory server
> project." <389-users(a)lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Are you using SSSD on the client side or PADL/NSS?
>
> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>
> I do specify the POSIX properties on the LDAP side. But when
> I log in with that created user on the client side and check
> the Users and Groups list on the client machine, it is not
> listed there. I did avoid the warning message by adding the
> LDAP user to a group that already exists. I want the user I
> create in LDAP to become listed in the Users and Groups list
> on the client (for ACL purposes, if you know anything
> regarding meeting DIACAP guidelines). Did I miss something?
>
> Thanks
>
> From: Chandan Kumar <chandank.kumar(a)gmail.com>
> Reply-To: "General discussion list for the 389 Directory
> server project." <389-users(a)lists.fedoraproject.org>
> Date: Monday, January 7, 2013 11:39 AM
> To: "General discussion list for the 389 Directory server
> project." <389-users(a)lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Hello Rohit,
>
> While creating users you also need to specify POSIX properties
> for the user.
>
> In the admin console you need to fill out the POSIX properties details
> while creating the user. Also make sure you create POSIX
> groups and associate these new users with the group ID,
> otherwise at login time you may get some warning message
> like "id: Group does not exist".
>
> --
> http://about.me/chandank
>
> On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
> <Rohit.Chaudhari(a)jhuapl.edu> wrote:
>
> Hey Chandan,
>
> So I got the RHEL client working, but I have an
> outstanding issue. When I look at the users/groups
> setting on the client machine, the newly created user that
> I made on the RHEL LDAP server does not show up on the
> list. Is this how it is supposed to work? If not, how do
> I get an LDAP user to become a part of the users and groups
> list on the RHEL client?
>
> Thanks,
>
> Rohit
>
> From: Chandan Kumar <chandank.kumar(a)gmail.com>
> Reply-To: "General discussion list for the 389 Directory
> server project." <389-users(a)lists.fedoraproject.org>
> Date: Thursday, December 20, 2012 6:21 PM
>
> To: "General discussion list for the 389 Directory server
> project." <389-users(a)lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Yes, you do need to replace it with SSSD. If you are having a
> fresh CentOS install, by default it is sssd only.
>
> Best way would be to use the authconfig tool as it changes
> all related files and you don't have to manually change
> all of them. Moreover, you also need to change the nss.conf
> file and make sure groups/users do have sssd instead of
> ldap.
>
> From RHEL 6.4 sssd will be fully supported and it gives
> better performance if you intend to integrate many
> applications with LDAP as it does not open multiple
> connections with the directory server.
>
> I will look at that guide again and will try to improve it.
>
> On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
>
> Okay I will try checking those parameters. I am doing
> sssd, I used ldap pan before in CentOS 6 and that ha
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
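
Added example, not part of the thread or of the 389 Directory Server project: a small shell check that reports whether an account is defined locally or is only resolved through SSSD, which is the distinction behind the local-only Users and Groups list described in the thread. The account names, the function names and the `GETENT` override are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report whether an account is defined
# locally or only resolved through SSSD via NSS.

GETENT=${GETENT:-getent}   # lookup command; overridable for offline testing

# nss_sources DB FILE: print the source list for DB (passwd, group, ...)
# from an nsswitch.conf-format FILE.
nss_sources() {
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# is_local USER FILE: succeed if USER has an entry in a passwd-format FILE.
is_local() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# account_source USER [PASSWD_FILE] [NSSWITCH_FILE]
# Prints one of: local | directory | no-sss | unresolved
account_source() {
    user=$1 pw=${2:-/etc/passwd} nss=${3:-/etc/nsswitch.conf}
    if is_local "$user" "$pw"; then echo local; return 0; fi
    case " $(nss_sources passwd "$nss") " in
        *" sss "*) ;;                      # SSSD is consulted for passwd
        *) echo no-sss; return 0 ;;        # passwd line never reaches SSSD
    esac
    if "$GETENT" passwd "$user" >/dev/null 2>&1; then
        echo directory                     # resolved by NSS, not in the file
    else
        echo unresolved
    fi
}

# make_sample DIR: write constructed passwd and nsswitch files into DIR.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'localadmin:x:500:500::/home/localadmin:/bin/bash' > "$1/passwd"
    printf '%s\n' 'passwd: files sss' 'group: files sss' > "$1/nsswitch.conf"
    printf '%s\n' 'passwd: files ldap' > "$1/nsswitch.old"
}

sample=$(mktemp -d)
make_sample "$sample"
for u in localadmin ldapuser1; do
    echo "$u: $(account_source "$u" "$sample/passwd" "$sample/nsswitch.conf")"
done
```

On a real client, calling `account_source <ldap-user-name>` with no file arguments reads `/etc/passwd` and `/etc/nsswitch.conf`; an account that reports `directory` is one that `id` resolves but that has no local entry.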