I use the memberuid attribute: to be as clear as possible I'll paste
the ldif here.
I hope it will be useful.
This is the ldif of the user:
# entry-id: 709
dn: uid=user,ou=ssh,c=it,o=organisation
modifyTimestamp: 20100331104156Z
modifiersName: cn=directory manager
gidNumber: 601
uidNumber: 496
cn: user
passwordGraceUserTime: 0
userPassword: {SHA}TytvRdv..<cut>
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2..<cut>
gecos: user
homeDirectory: /home/user
host: server_hostname
loginShell: /bin/bash
objectClass: top
objectClass: posixaccount
objectClass: shadowaccount
objectClass: hostobject
objectClass: account
objectClass: sudorole
objectClass: ldappublickey
sudoCommand:
sudoHost:
sudoOption:
sudoRunAs:
sudoUser:
uid: user
creatorsName: cn=directory manager
createTimestamp: 20100316092928Z
nsUniqueId: 51f09b01-1dd2..<cut>
These are the ldifs of the groups:
# entry-id: 742
dn: cn=group2, ou=ssh, c=it, o=organisation
modifyTimestamp: 20100331134146Z
modifiersName: cn=directory manager
memberUid: 496
memberUid: 494
gidNumber: 600
objectClass: top
objectClass: posixgroup
cn: group2
creatorsName: cn=directory manager
createTimestamp: 20100331083223Z
nsUniqueId: e55dca81-1dd11..<cut>

# entry-id: 743
dn: cn=group1,ou=ssh, c=it, o=organisation
gidNumber: 601
objectClass: top
objectClass: posixgroup
cn: group1
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20100331083429Z
modifyTimestamp: 20100331083429Z
nsUniqueId: 2ce45681-1dd2..<cut>
2010/4/2 Renato Ribeiro da Silva <capareci(a)uol.com.br>:
Are you using the memberuid or the uniquemember attribute in the ldap?
What are the values?
Renato
On 02/04/2010 11:38, Marco Strullato < marco.strullato(a)gmail.com > wrote:
Thanks for the answer but I already disabled nscd...
Marco
2010/4/2 Renato Ribeiro da Silva :
> Marco,
>
> Try to stop the nscd service. Sometimes it gives you the wrong
> information.
>
>
>
> Regards,
>
> Renato
>
>
>
>
>
> On 02/04/2010 07:27, Marco Strullato < marco.strullato(a)gmail.com >
> wrote:
> Hi all,
> I'm using fedora ds as authentication server for my network. I've
> configured the environment so that linux gets users and groups
> information from the ldap.
> The problem is that I'm getting incomplete information! Group
> definitions are missing.
>
> I'll give you an example: a user has a uid, a primary gid and
> secondary gids. I'm not getting secondary gids.
>
> I would like "user" to be a member of "group1" and "group2". If I ask
> the ldap with getent I get this information:
>
> getent passwd user
> user:x:496:601:user:/home/user:/bin/bash
>
> getent group group1
> group1:*:601:
>
> getent group group2
> group2:*:600:496,494
>
> as you can see user has id 496 and gid 601. user is member also of
> group2 ( gid 600)
>
> But if I query the system about the "user", I get:
>
> id user
> uid=496(user) gid=601(group1) groups=601(group1)
>
>
> Have you ever seen this behaviour? Have you got suggestions?
>
>
> Regards,
>
> Marco
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
--
Marco Strullato
cell: +393288462393
skype: marco.strullato