Package: libnss-ldap
Version: 251-7.5
Severity: important 

libnss-ldap doesn't seem to get all groups from LDAP.
E.g. when I run this as the user:
$ id -G
513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223


But when I run this as root:

# id -G user
513 22150 43236 19901 1027 1029 1073 1112

As you can see, some groups are missing in the second request.

This happens after the upgrade from Sarge to Etch. It has wider effects
in the sense that e.g. group ACLs in Samba are no longer working in some
cases. It also seems that only newer groups which were added after the
upgrade to Etch are affected.

 
Here are some relevant parts of config files:

/etc/nsswitch.conf:
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap


/etc/libnss_ldap.conf:
host 192.168.1.12 192.168.1.17
base dc=test,dc=de
ldap_version 3
rootbinddn cn=admin,dc=test,dc=de


/etc/ldap/slapd.conf from the ldap server:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=test,dc=de"
directory       "/var/lib/ldap"
index           objectClass eq
lastmod         on

access to attrs=userPassword
        by dn="cn=admin,dc=test,dc=de" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=test,dc=de" write
        by * read

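A diagnostic for the symptom in this report, added here as an example and not part of the original message or of libnss-ldap: it lists the GIDs that one lookup returns and another omits, first for the two `id -G` outputs quoted above and, when given a user name, for the local getgrouplist and getgrent lookups. The function names and the choice of those two lookups are assumptions of the example.

```python
import grp
import os
import pwd
import sys

# GID lists copied from the two `id -G` outputs in the report above.
REPORT_AS_USER = "513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223"
REPORT_AS_ROOT = "513 22150 43236 19901 1027 1029 1073 1112"


def parse_gids(text):
    """Turn the output of `id -G` into a set of integer GIDs."""
    return {int(tok) for tok in text.split()}


def missing_per_view(views):
    """For each named view, return the GIDs other views have but it lacks."""
    union = set().union(*views.values())
    return {name: sorted(union - gids) for name, gids in views.items()}


def live_views(username):
    """Collect the group set for `username` through two NSS lookups."""
    pw = pwd.getpwnam(username)
    # initgroups-style lookup (getgrouplist), as used for `id -G <user>`
    by_initgroups = set(os.getgrouplist(username, pw.pw_gid))
    # full enumeration of the group database (getgrent), plus the primary GID
    by_enumeration = {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    by_enumeration.add(pw.pw_gid)
    return {"getgrouplist": by_initgroups, "getgrent": by_enumeration}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live comparison on this host for the user named on the command line.
        views = live_views(sys.argv[1])
    else:
        # No argument: compare the two outputs quoted in the report.
        views = {"as_user": parse_gids(REPORT_AS_USER),
                 "as_root": parse_gids(REPORT_AS_ROOT)}
    for name, gids in missing_per_view(views).items():
        print(f"{name}: missing {gids or 'nothing'}")
```

Running it once as the affected user and once as root, with the user name as argument, shows whether the omitted groups depend on who performs the lookup.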