Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Nov 2016 22:20:34 +0300
From:      Anthony Pankov <ap00@mail.ru>
To:        freebsd-hackers@freebsd.org
Subject:   Re: nss_ldap seems to  not work
Message-ID:  <26095845.20161108222034@mail.ru>
In-Reply-To: <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net>
References:  <1644757548.20161108110056@mail.ru> <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hello, Alexander.

I'm  sorry,  but this happen when engaging production server. I fix
it  by  moving  to  nss-pam-ldap (nslcd) so I can't move back and give
this option a chance.

> Does it help if you add "nss_schema rfc2307” to nss_ldap.config?

>> On 8 нояб. 2016 г., at 17:00, Anthony Pankov via freebsd-hackers <freebsd-hackers@freebsd.org> wrote:
>> 
>> Greetings.
>> 
>> nss_ldap seems to not work correctly at least at FreeBSD 10.3.
>> 
>> Two  configurations
>> 1. FreeBSD 9.2
>> 2. FreeBSD 10.3
>> sharing  nss_ldap  settings  and  using  the  same  LDAP  tree (DIT) produce
>> different results.
>> 
>> At    FreeBSD   10.3   nss_ldap  can't  enumerate  supplementary  user
>> groups.
>> 
>> Example:
>> FreeBSD 9.2:
>>                # id user1
>>                 ... groups=basegroup,gr1,gr2,gr3
>> FreeBSD 10.3:
>>                # id user1
>>                 ... groups=basegroup
>> 
>> The  effect is inadequate result of initgroups() calling which lead to
>> various side effects with permissions.
>> 
>> P.S.  Interesting  fact.  At  FreeBSD  10.3 pw utility produce correct
>> result:
>>        #pw usershow user1
>>        ... groups=basegroup,gr1,gr2,gr3
>> 
>> -- 
>> Best regards,
>> Anthony                          mailto:ap00@mail.ru
>> 
>> _______________________________________________
>> freebsd-hackers@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to
> "freebsd-hackers-unsubscribe@freebsd.org"



-- 
С уважением,
 Anthony                          mailto:ap00@mail.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26095845.20161108222034>