Hi! I am probably missing something really obvious. I have an IPA server that is still in development. I have created two test clients that are clones of existing VMs. One is CentOS 7.7 and the other is Solaris 10. The CentOS 7.7 one is working great. The Solaris one works now for getent passwd user and for logging in, but the groups command is returning the list from the old LDAP server and I can't figure out how it is getting that.
The content of the /var/ldap/ldap_client_file is:
root # cat ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.27.104.187
NS_LDAP_SEARCH_BASEDN= dc=channing,dc=harvard,dc=edu
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SERVER_PREF= chanidm.bwh.harvard.edu
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=uidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=memberUid
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=gidNumber
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixgroup
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
Any suggestions?
Thank you all.
Lois Bennett, MSEE Senior System Administrator Channing Division of Network Medicine, Brigham & Women's Hospital A Teaching Affiliate of Harvard Medical School and Harvard School of Public Health
Lois Blood Bennett via FreeIPA-users wrote:
Hi! I am probably missing something really obvious. I have an IPA server that is still in development. I have created two test clients that are clones of existing VMs. One is CentOS 7.7 and the other is Solaris 10. The CentOS 7.7 one is working great. The Solaris one works now for getent passwd user and for logging in, but the groups command is returning the list from the old LDAP server and I can't figure out how it is getting that.
The content of the /var/ldap/ldap_client_file is:
root # cat ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.27.104.187
NS_LDAP_SEARCH_BASEDN= dc=channing,dc=harvard,dc=edu
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SERVER_PREF= chanidm.bwh.harvard.edu
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=uidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=memberUid
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=gidNumber
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixgroup
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:tls:simple
Any suggestions?
You need to use the compat location for groups with Solaris, which uses RFC 2307:
group:cn=groups,cn=compat,dc=channing,dc=harvard,dc=edu
rob
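As an added illustration of Rob's point (not code from the thread or from FreeIPA), the small parser below reads the ldap_client_file format shown above, pulls out the per-service search descriptors, and flags a group descriptor that points at cn=accounts instead of the cn=compat tree that serves RFC 2307 posixGroup entries (memberUid) to Solaris's native LDAP client. The sample file content is constructed from the values in the post; the function names are my own.

```python
# Constructed sample in the ldap_client_file format, using the DNs from the post.
SAMPLE_CLIENT_FILE = """\
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.27.104.187
NS_LDAP_SEARCH_BASEDN= dc=channing,dc=harvard,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=channing,dc=harvard,dc=edu
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixgroup
"""


def parse_client_file(text):
    """Parse ldap_client_file into {key: [values]}; repeated keys keep every value."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and the header comments carry no settings
        key, _, value = line.partition("=")  # keys never contain '=', values may
        entries.setdefault(key.strip(), []).append(value.strip())
    return entries


def service_search_descs(entries):
    """Map service name -> search base from the NS_LDAP_SERVICE_SEARCH_DESC lines."""
    descs = {}
    for value in entries.get("NS_LDAP_SERVICE_SEARCH_DESC", []):
        service, _, base = value.partition(":")
        descs[service] = base
    return descs


def check_group_search_base(entries):
    """Return (ok, base_to_use). The native Solaris client expects RFC 2307 groups
    (memberUid); FreeIPA serves those from cn=compat, not from cn=accounts."""
    group_base = service_search_descs(entries).get("group", "")
    rdns = [r.strip().lower() for r in group_base.split(",") if r.strip()]
    if "cn=compat" in rdns:
        return True, group_base
    if "cn=accounts" in rdns:
        # Swap cn=accounts for cn=compat, leaving the rest of the DN untouched.
        fixed = [("cn=compat" if r.strip().lower() == "cn=accounts" else r.strip())
                 for r in group_base.split(",")]
        return False, ",".join(fixed)
    # No usable group descriptor at all: build one under the configured base DN.
    return False, "cn=groups,cn=compat," + entries["NS_LDAP_SEARCH_BASEDN"][0]
```

Running `check_group_search_base(parse_client_file(SAMPLE_CLIENT_FILE))` on the sample returns the compat DN Rob gives, which you would then apply with ldapclient rather than by editing the file.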
freeipa-users@lists.fedorahosted.org