The id <ldap-user-name> command works just fine.  That is not where I am having the issue.  The issue lies in the local Users and Groups list in the RHEL client.

When I click through System->Administration->Users and Groups, the ldap-user-name is not showing up on that list.  How do I get it to show up on that list? This is a concern to me because my bosses are questioning whether the ldap-user-name I created has proper ACL privileges and would meet DIACAP requirements.

Thanks,

Rohit

From: Chandan Kumar <chandank.kumar@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Monday, January 7, 2013 1:43 PM
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client

Sounds bit strange. what is out put of "id <ldap-user-name>". If sssd is configured properly this command has to work. Moreover, while you execute this command watch /var/log/secure.log for any error messages.

Also disable selinux/Firewall and test. 

On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
I configured everything with SSSD as you suggested.  I'm able to do successful logins authenticating against the LDAP server, but when I check the Users and Groups list on the client machine, that newly created user isn't added.  Thoughts?

Thanks.

From: Chandan Kumar <chandank.kumar@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Monday, January 7, 2013 1:36 PM
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client

are you using SSSD on client side or PADL/NSS?

On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
I do specify the POSIX properties on the LDAP side.  But when I login with that created user on the client side and check the Users and Groups list on the client machine, it is not listed there.  I did avoid the warning message by adding the LDAP user to a group that already exists.  I want the user I create in LDAP to become listed in the Users and Groups list on the client (for ACL purposes, if you know anything regarding meeting DIACAP guidelines).  Did I miss something?

Thanks

From: Chandan Kumar <chandank.kumar@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Monday, January 7, 2013 11:39 AM
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client

Hello Rohit,

While creating users you also need to specify POSIX properties for the user.

In admin console you need to fill out posix properties details while creating the user. Also make sure you create posix groups and associate these new users with the group ID otherwise while login time you may get some warning message like  "id: Group does not exist".





On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K. <Rohit.Chaudhari@jhuapl.edu> wrote:
Hey Chandan,

So I got the RHEL client working, but I have an outstanding issue.  When I look at the users/groups setting on the client machine, the newly created user that I made on the RHEL LDAP server does not show up on the list.  Is this how it is supposed to work?  If not, how do I get a LDAP user to become a part of the users and groups list on the RHEL client?

Thanks,

Rohit

From: Chandan Kumar <chandank.kumar@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Thursday, December 20, 2012 6:21 PM

To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client

Yes do need to replace it with SSSD. If you are having a fresh Centos install, by default it is sssd only. 

Best way would be to use the authconfig tool as it changes all related files and you don't have to manually change all of them.  Moreover, you also need change the nss.conf file and make sure groups/users do have sssd instead of ldap.

From RHEL 6.4 sssd will be fully supported and it gives better performance if you intend to integrate many applications with LDAP as it does not open multiple connections with the directory server.

I will look that guide again and will try to improve it.

On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
Okay I will try checking those parameters.  I am doing sssd, I used ldap pan before in CentOS 6 and that ha


--

--
http://about.me/chandank