Site Navigation

Date:      Tue, 8 Nov 2016 11:00:56 +0300
From:      Anthony Pankov <ap00@mail.ru>
To:        freebsd-hackers@freebsd.org
Subject:   nss_ldap seems to  not work
Message-ID:  <1644757548.20161108110056@mail.ru>

---

next in thread | raw e-mail | index | archive | help

---

Greetings.

nss_ldap seems to not work correctly at least at FreeBSD 10.3.

Two  configurations
1. FreeBSD 9.2
2. FreeBSD 10.3
sharing  nss_ldap  settings  and  using  the  same  LDAP  tree (DIT) produce
different results.

At    FreeBSD   10.3   nss_ldap  can't  enumerate  supplementary  user
groups.

Example:
FreeBSD 9.2:
                # id user1
                 ... groups=basegroup,gr1,gr2,gr3
FreeBSD 10.3:
                # id user1
                 ... groups=basegroup

The  effect is inadequate result of initgroups() calling which lead to
various side effects with permissions.

P.S.  Interesting  fact.  At  FreeBSD  10.3 pw utility produce correct
result:
        #pw usershow user1
        ... groups=basegroup,gr1,gr2,gr3

-- 
Best regards,
 Anthony                          mailto:ap00@mail.ru

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1644757548.20161108110056>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact