Date: Tue, 8 Nov 2016 11:00:56 +0300
From: Anthony Pankov
To: freebsd-hackers@freebsd.org
Subject: nss_ldap seems to not work
Message-ID: <1644757548.20161108110056@mail.ru>

Greetings.

nss_ldap seems to not work correctly, at least on FreeBSD 10.3.

Two configurations
1. FreeBSD 9.2
2. FreeBSD 10.3
sharing nss_ldap settings and using the same LDAP tree (DIT) produce different results.

On FreeBSD 10.3 nss_ldap can't enumerate supplementary user groups.

Example:
FreeBSD 9.2:
# id user1
... groups=basegroup,gr1,gr2,gr3

FreeBSD 10.3:
# id user1
... groups=basegroup

The effect is an inadequate result from calling initgroups(), which leads to various side effects with permissions.

P.S. Interesting fact. On FreeBSD 10.3 the pw utility produces the correct result:
# pw usershow user1
... groups=basegroup,gr1,gr2,gr3

--
Best regards,
 Anthony mailto:ap00@mail.ru
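
Added example, not part of the original message: a small C diagnostic that compares the groups returned by getgrouplist(), the lookup initgroups() is built on, with the memberships found by walking the group database with getgrent(). The function names, MAXG and the default user name are this example's own choices; a non-zero count is the kind of mismatch reported above.

```c
#define _DEFAULT_SOURCE          /* exposes getgrouplist() on glibc; no effect on FreeBSD */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAXG 1024                /* assumed upper bound on groups per user */

/* Copy into out[] every gid of enumd[] that is absent from fast[]; return how many. */
int missing_gids(const gid_t *fast, int nfast, const gid_t *enumd, int nenum, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < nenum; i++) {
        int found = 0;
        for (int j = 0; j < nfast && !found; j++)
            found = (fast[j] == enumd[i]);
        if (!found)
            out[n++] = enumd[i];
    }
    return n;
}

/* Walk the whole group database and collect the groups that list `user` as a member. */
int enumerated_gids(const char *user, gid_t *out, int max)
{
    struct group *gr;
    int n = 0;
    setgrent();
    while (n < max && (gr = getgrent()) != NULL)
        for (char **m = gr->gr_mem; *m != NULL; m++)
            if (strcmp(*m, user) == 0) { out[n++] = gr->gr_gid; break; }
    endgrent();
    return n;
}

/* Number of gids seen by enumeration but not by getgrouplist(); -1 on lookup failure. */
int check_user(const char *user, gid_t *missing)
{
    gid_t fast[MAXG], enumd[MAXG];
    int nfast = MAXG;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || getgrouplist(user, pw->pw_gid, fast, &nfast) == -1)
        return -1;
    return missing_gids(fast, nfast, enumd, enumerated_gids(user, enumd, MAXG), missing);
}

int main(int argc, char **argv)
{
    gid_t missing[MAXG];
    int n = check_user(argc > 1 ? argv[1] : "root", missing);
    for (int i = 0; i < n; i++)
        printf("gid %u is missing from getgrouplist()\n", (unsigned)missing[i]);
    return n != 0;               /* exit status 1 on mismatch or lookup failure */
}
```

Run it with the affected user name as the only argument on both hosts; each gid it prints is a supplementary group that a process calling initgroups() for that user would not receive.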