On Mon, Oct 24, 2011 at 06:56:27PM +0200, account(a)cnu.at99.at wrote:
Hello, we run several 389 DirectoryServer with a master slave
replication.
To support our old solaris enviroment we use
"https://fedorahosted.org/slapi-nis/" for NIS:
I use slapi-nis 0.26 from the Fedorarepository (src rpm) and compiled
it for RH5. Solaris and other types of machines are running well. "id
user" and "groups user" ist working. But I get with command "ypcat
groups" doubled user entries for each group.
When I have a group for example: group "test1" with user "user1
user2"
I get with ypcat group | grep test1:
test1: user1 user2 user1 user2
That looks to be formatted very oddly. Hopefully you munged it that
way, but it's hard to tell.
When I execute the command: id user1 I get test1 only once.
In our dse.ldif I have following entries for group.byname:
dn: nis-domain=xxxx+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: xxxx
nis-map: group.byname
nis-base: ou=Groups, dc=yyyyy, dc=com
and group.gid
dn: nis-domain=xxxx+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: xxxx
nis-map: group.bygid
nis-base: ou=Groups, dc=yyyyy, dc=com
With LDAP I get:
[root@NIS2LDAP ~]# ldapsearch -x -h localhost -s base -b
"cn=test1,ou=groups,dc=yyyyy,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=test1,ou=groups,dc=yyyyy,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# test1, Groups,
yyyyy.com
dn: cn=test1,ou=Groups,dc=yyyyy,dc=com
objectClass: posixGroup
objectClass: top
objectClass: groupOfUniqueNames
cn: tiger
gidNumber: 484
memberUid: user1
memberUid: user2
uniqueMember: uid=user1,ou=People,dc=yyyyy,dc=com
uniqueMember: uid=user2,ou=People,dc=yyyyy,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Is memberUid / uniqueMember a problem ?
It shouldn't be breaking anything, but it appears that you're getting
both the group's "memberUid" values and the "uid" values from its
"uniqueMember" values, all showing up in the group entries.
The NIS server plugin should probably offer a way to prune out duplicate
values, and possibly do so by default in places like lists of group
members. (The Schema Compatibility plugin already does this because the
APIs that Directory Server provides do this for it automatically.)
Cheers,
Nalin