Date: Tue, 8 Nov 2016 22:40:20 +0900 From: Alexander Nedotsukov <bland@bbnest.net> To: Anthony Pankov <ap00@mail.ru> Cc: freebsd-hackers@freebsd.org Subject: Re: nss_ldap seems to not work Message-ID: <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net> In-Reply-To: <1644757548.20161108110056@mail.ru> References: <1644757548.20161108110056@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Does it help if you add "nss_schema rfc2307=E2=80=9D to nss_ldap.config? > On 8 =D0=BD=D0=BE=D1=8F=D0=B1. 2016 =D0=B3., at 17:00, Anthony Pankov = via freebsd-hackers <freebsd-hackers@freebsd.org> wrote: >=20 > Greetings. >=20 > nss_ldap seems to not work correctly at least at FreeBSD 10.3. >=20 > Two configurations > 1. FreeBSD 9.2 > 2. FreeBSD 10.3 > sharing nss_ldap settings and using the same LDAP tree (DIT) = produce > different results. >=20 > At FreeBSD 10.3 nss_ldap can't enumerate supplementary user > groups. >=20 > Example: > FreeBSD 9.2: > # id user1 > ... groups=3Dbasegroup,gr1,gr2,gr3 > FreeBSD 10.3: > # id user1 > ... groups=3Dbasegroup >=20 > The effect is inadequate result of initgroups() calling which lead to > various side effects with permissions. >=20 > P.S. Interesting fact. At FreeBSD 10.3 pw utility produce correct > result: > #pw usershow user1 > ... groups=3Dbasegroup,gr1,gr2,gr3 >=20 > --=20 > Best regards, > Anthony mailto:ap00@mail.ru >=20 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to = "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A97463C-6A15-4B79-A52C-9DBBF2A20862>