Message-ID: <47C323E1.7040806@mail.zedat.fu-berlin.de>
Date: Mon, 25 Feb 2008 21:24:01 +0100
From: "O. Hartmann"
To: freebsd-questions@freebsd.org
Subject: OpenLDAP 2.4.8 and FreeBSD/nss_ldap ==>> not working?

Hello,

apart from the fact that OpenLDAP 2.4.8 in conjunction with DB 4.6 is absolutely BETA as mentioned in their documentation, I would nevertheless like to ask about a problem I discovered.
Before upgrading (I did because of the syncrepl facility) I stopped slapd and dumped its DB via "slapcat -l outfile.ldif" into a secure dump file. Then I removed the old DB files in the database directory. Then I used "slapadd -l outfile.ldif" to restore the database, and after I recompiled everything dependent on the LDAP client libs (nss_ldap, pam_ldap, pam_mkhomedir, sudo, postgresql), I was able to safely restart slapd. Everything seemed to work at first glance, but something was wrong.

I have group objects (ou=groups, POSIX groups) in my DIT with attribute "memberUID=XXXX". With OpenLDAP 2.3.41 'id' shows a user's UID, GID and membership in additional groups, but with LDAP 2.4.8, only the UID and GID are shown:

    uid=2002(ohartmann) gid=2002(ohartmann) groups=2002(ohartmann)

(OpenLDAP 2.4.8), but it should be

    uid=2002(ohartmann) gid=2002(ohartmann) groups=2002(ohartmann),512(Domain Admins),513(Domain Users),544(Administrators),2045(development)

(2.3.41).

Either something in the schemata has changed or something is wrong. I tried to find out via the documentation at OpenLDAP.ORG, but can't find any revealing information.

Can anybody help?

Regards,
Oliver
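
An added example, not part of the original message: a check of which posixGroup entries in the slapcat dump list a user in memberUid but are absent from the `id` output, which separates data lost in the dump/restore from a lookup problem on the nss_ldap side. The LDIF sample is constructed, and the dc=example,dc=org suffix and the function names are assumptions.

```python
import base64
import re

# Constructed sample of "slapcat -l outfile.ldif" output. The suffix
# dc=example,dc=org is an assumption; names and GIDs are from the message.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: Domain Admins
gidNumber: 512
memberUid: ohartmann

dn: cn=development,ou=groups,
 dc=example,dc=org
objectClass: posixGroup
cn:: ZGV2ZWxvcG1lbnQ=
gidNumber: 2045
memberUID: ohartmann
"""

def parse_ldif(text):
    """Yield entries as {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        attr, sep, value = line.partition(":")
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif sep and not line.startswith("#"):
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())

def missing_groups(ldif_text, uid, id_output):
    """Groups the dump assigns to uid via memberUid that id(1) did not report."""
    tail = id_output.partition("groups=")[2]
    seen = {int(gid) for gid, _ in re.findall(r"(\d+)\(([^)]*)\)", tail)}
    expected = [(int(e["gidnumber"][0]), e["cn"][0]) for e in parse_ldif(ldif_text)
                if "posixgroup" in (c.lower() for c in e.get("objectclass", []))
                and uid in e.get("memberuid", [])]
    return sorted(g for g in expected if g[0] not in seen)
```

Attribute names are compared case-insensitively (memberUid, memberUID), while the uid value itself is matched exactly.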