From owner-freebsd-hackers@freebsd.org Tue Nov 8 13:40:25 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28B28C3668F for ; Tue, 8 Nov 2016 13:40:25 +0000 (UTC) (envelope-from bland@bbnest.net) Received: from mail1.asahi-net.or.jp (mail1.asahi-net.or.jp [202.224.39.197]) by mx1.freebsd.org (Postfix) with ESMTP id F3BDB390 for ; Tue, 8 Nov 2016 13:40:24 +0000 (UTC) (envelope-from bland@bbnest.net) Received: from eee.bbnest.net (w133033.ppp.asahi-net.or.jp [121.1.133.33]) by mail1.asahi-net.or.jp (Postfix) with ESMTP id BB456E1E6; Tue, 8 Nov 2016 22:40:21 +0900 (JST) Received: from nest.bbnest.net (nest.bbnest.net [192.168.1.108]) (authenticated bits=0) by eee.bbnest.net (8.15.2/8.15.2) with ESMTPSA id uA8DeKpM005569 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 8 Nov 2016 22:40:22 +0900 (JST) (envelope-from bland@bbnest.net) Subject: Re: nss_ldap seems to not work Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Content-Type: text/plain; charset=utf-8 From: Alexander Nedotsukov X-Priority: 3 (Normal) In-Reply-To: <1644757548.20161108110056@mail.ru> Date: Tue, 8 Nov 2016 22:40:20 +0900 Cc: freebsd-hackers@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net> References: <1644757548.20161108110056@mail.ru> To: Anthony Pankov X-Mailer: Apple Mail (2.3124) X-Mailman-Approved-At: Tue, 08 Nov 2016 15:39:52 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Nov 2016 13:40:25 -0000 Does it help if you add "nss_schema rfc2307=E2=80=9D to nss_ldap.config? > On 8 =D0=BD=D0=BE=D1=8F=D0=B1. 2016 =D0=B3., at 17:00, Anthony Pankov = via freebsd-hackers wrote: >=20 > Greetings. >=20 > nss_ldap seems to not work correctly at least at FreeBSD 10.3. >=20 > Two configurations > 1. FreeBSD 9.2 > 2. FreeBSD 10.3 > sharing nss_ldap settings and using the same LDAP tree (DIT) = produce > different results. >=20 > At FreeBSD 10.3 nss_ldap can't enumerate supplementary user > groups. >=20 > Example: > FreeBSD 9.2: > # id user1 > ... groups=3Dbasegroup,gr1,gr2,gr3 > FreeBSD 10.3: > # id user1 > ... groups=3Dbasegroup >=20 > The effect is inadequate result of initgroups() calling which lead to > various side effects with permissions. >=20 > P.S. Interesting fact. At FreeBSD 10.3 pw utility produce correct > result: > #pw usershow user1 > ... groups=3Dbasegroup,gr1,gr2,gr3 >=20 > --=20 > Best regards, > Anthony mailto:ap00@mail.ru >=20 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to = "freebsd-hackers-unsubscribe@freebsd.org"