Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Nov 2016 22:20:34 +0300
From:      Anthony Pankov <ap00@mail.ru>
To:        freebsd-hackers@freebsd.org
Subject:   Re: nss_ldap seems to  not work
Message-ID:  <26095845.20161108222034@mail.ru>
In-Reply-To: <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net>
References:  <1644757548.20161108110056@mail.ru> <4A97463C-6A15-4B79-A52C-9DBBF2A20862@bbnest.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello, Alexander.

I'm  sorry,  but this happen when engaging production server. I fix
it  by  moving  to  nss-pam-ldap (nslcd) so I can't move back and give
this option a chance.

> Does it help if you add "nss_schema rfc2307=E2=80=9D to nss_ldap.config?

>> On 8 =D0=BD=D0=BE=D1=8F=D0=B1. 2016 =D0=B3., at 17:00, Anthony Pankov vi=
a freebsd-hackers <freebsd-hackers@freebsd.org> wrote:
>>=20
>> Greetings.
>>=20
>> nss_ldap seems to not work correctly at least at FreeBSD 10.3.
>>=20
>> Two  configurations
>> 1. FreeBSD 9.2
>> 2. FreeBSD 10.3
>> sharing  nss_ldap  settings  and  using  the  same  LDAP  tree (DIT) pro=
duce
>> different results.
>>=20
>> At    FreeBSD   10.3   nss_ldap  can't  enumerate  supplementary  user
>> groups.
>>=20
>> Example:
>> FreeBSD 9.2:
>>                # id user1
>>                 ... groups=3Dbasegroup,gr1,gr2,gr3
>> FreeBSD 10.3:
>>                # id user1
>>                 ... groups=3Dbasegroup
>>=20
>> The  effect is inadequate result of initgroups() calling which lead to
>> various side effects with permissions.
>>=20
>> P.S.  Interesting  fact.  At  FreeBSD  10.3 pw utility produce correct
>> result:
>>        #pw usershow user1
>>        ... groups=3Dbasegroup,gr1,gr2,gr3
>>=20
>> --=20
>> Best regards,
>> Anthony                          mailto:ap00@mail.ru
>>=20
>> _______________________________________________
>> freebsd-hackers@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.or=
g"

> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to
> "freebsd-hackers-unsubscribe@freebsd.org"



--=20
=D0=A1 =D1=83=D0=B2=D0=B0=D0=B6=D0=B5=D0=BD=D0=B8=D0=B5=D0=BC,
 Anthony                          mailto:ap00@mail.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26095845.20161108222034>