Date: Wed, 24 Feb 2010 11:39:48 +0100
From: "Patrick M. Hausen" <hausen@punkt.de>
To: Gerrit Kühn <gerrit@pmp.uni-hannover.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: nss_ldap and multiple group memberships
Message-ID: <20100224103947.GA75442@hugo10.ka.punkt.de>
In-Reply-To: <20100224112311.73ac53f6.gerrit@pmp.uni-hannover.de>
References: <20100224112311.73ac53f6.gerrit@pmp.uni-hannover.de>

Hi, all,

On Wed, Feb 24, 2010 at 11:23:11AM +0100, Gerrit Kühn wrote:

> Is anyone here using nss_ldap and can successfully get it to work with
> multiple group memberships? I would really like to get this to work here,
> but I only get the primary group:
>
> penumbra# id gekueh
> uid=1030(gekueh) gid=1012(aei) groups=1012(aei)

[ry93@devel ~]$ uname -a
FreeBSD devel.intern.punkt.de 7.2-RELEASE-p6 FreeBSD 7.2-RELEASE-p6 #0: Mon Feb 22 16:17:54 CET 2010 root@nanobsd.ka.punkt.de:/var/home/nanobsd/obj/dl320-devel/usr/src/sys/GENERIC amd64
[ry93@devel ~]$ pkg_info | grep ldap
nss_ldap-1.264_3 RFC 2307 NSS module
openldap-client-2.4.21 Open source LDAP client implementation
pam_ldap-1.8.5 A pam module for authenticating with LDAP
[ry93@devel ~]$ id
uid=10093(ry93) gid=10001(intern) groups=10001(intern),0(wheel)

LDAP server is Active Directory on Windows 2003 R2.

What precisely do you need? Ah, heck, I'll just attach my config files
right away. nss_ldap.conf is just a symlink to ldap.conf.

I do not remember where that '?one' came from and what precisely it does.
Voodoo I copied from some obscure "Howto", I figure. I'd appreciate
some feedback on that part ;-)

Best regards, HTH,
Patrick
--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285

Attachment: nsswitch.conf

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.8.1 2009/04/15 03:14:26 kensmith Exp $
#
group: cache files ldap
hosts: files dns
networks: files
passwd: cache files ldap
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Attachment: ldap.conf

uri ldap://pdc.intern.punkt.de
base DC=intern,DC=punkt,DC=de
ldap_version 3
binddn ***
bindpw ***
scope sub
idle_timelimit 60
pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad
nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group
nss_base_passwd ou=Mitarbeiter,dc=intern,dc=punkt,dc=de?one
nss_base_group ou=Unixgruppen,dc=intern,dc=punkt,dc=de?one
nss_map_attribute uid msSFU30Name
nss_map_attribute gecos name
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_map_attribute cn sAMAccountName
nss_map_attribute uniquemember msSFU30PosixMember
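
Added example, not part of the original message and not nss_ldap's own code: in nss_ldap's ldap.conf an `nss_base_<map>` value has the form `base?scope?filter`, so the `?one` suffix asked about above overrides the global `scope sub` with a one-level search for that map. The sketch below resolves the effective base, scope and filter per map; `SAMPLE` is constructed from directives in the attached ldap.conf, and the function names are hypothetical.

```python
# Added illustration; SAMPLE is constructed from the attached ldap.conf.
SAMPLE = """\
base DC=intern,DC=punkt,DC=de
scope sub
nss_base_passwd ou=Mitarbeiter,dc=intern,dc=punkt,dc=de?one
nss_base_group ou=Unixgruppen,dc=intern,dc=punkt,dc=de?one
"""

# LDAP search scopes accepted by the 'scope' directive and the ?scope suffix.
SCOPE_MEANING = {
    "base": "the base entry itself only",
    "one": "entries directly below the base, nested OUs are not searched",
    "sub": "the base entry and its whole subtree",
}

def parse_directives(text):
    """Return (keyword, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        pairs.append((fields[0].lower(), fields[1].strip() if len(fields) > 1 else ""))
    return pairs

def search_descriptors(text):
    """Map each nss_base_<map> to a list of (base, effective scope, filter)."""
    directives = parse_directives(text)
    default_scope = "sub"  # nss_ldap searches the subtree unless told otherwise
    for key, value in directives:
        if key == "scope":
            default_scope = value.lower()
    result = {}
    for key, value in directives:
        if not key.startswith("nss_base_"):
            continue
        parts = value.split("?", 2) + ["", ""]
        base, scope, flt = parts[0], parts[1].lower() or default_scope, parts[2]
        if scope not in SCOPE_MEANING:
            raise ValueError(f"{key}: unknown scope {scope!r}")
        result.setdefault(key[len("nss_base_"):], []).append((base, scope, flt))
    return result

if __name__ == "__main__":
    for name, entries in search_descriptors(SAMPLE).items():
        for base, scope, flt in entries:
            print(f"{name}: {base} [{scope}: {SCOPE_MEANING[scope]}] filter={flt or '-'}")
```

With a one-level scope, users or groups placed in a sub-OU of `ou=Mitarbeiter` or `ou=Unixgruppen` are not returned by the lookup.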