Your message dated Sat, 07 Dec 2013 14:03:14 +0100
with message-id <1386421394.20019.3.ca...@sorbet.thuis.net>
and subject line Re: Bug#427497: libnss-ldap doesn't find all groups
has caused the Debian Bug report #427497,
regarding libnss-ldap doesn't find all groups as root
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
427497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427497
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libnss-ldap
Version: 251-7.5
Severity: important
libnss-ldap doesn't seem to get all groups from ldap.
E. g. when I do as user:
$ id -G
513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223
But when I do as root:
# id -G user
513 22150 43236 19901 1027 1029 1073 1112
As you can see some groups are missing in the second request.
This happens after the upgrade from Sarge to Etch. It has wider effects in the
sense that e.g. Group-ACLs in Samba are no longer working in some cases. It also
seems that only newer groups which were added after the upgrade to Etch are
affected.
Here are some relevant parts of config files:

/etc/nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: compat ldap

/etc/libnss_ldap.conf:
host 192.168.1.12 192.168.1.17
base dc=test,dc=de
ldap_version 3
rootbinddn cn=admin,dc=test,dc=de

/etc/ldap/slapd.conf from the ldap server:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=test,dc=de"
directory "/var/lib/ldap"
index objectClass eq
lastmod on
access to attrs=userPassword
    by dn="cn=admin,dc=test,dc=de" write
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to *
    by dn="cn=admin,dc=test,dc=de" write
    by * read
--- End Message ---
--- Begin Message ---
On Mon, 2007-06-04 at 14:38 +0000, Henry Jensen wrote:
> $ id -G
> 513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223
>
> But when I do as root:
>
> # id -G user
> 513 22150 43236 19901 1027 1029 1073 1112
There is a difference between "id -G" and "id -G user". The former
returns the effective groups, the latter the assigned groups. If you
login on the console (or desktop manager) you are usually assigned extra
groups.
If you can still reproduce this problem and can provide some extra
information, feel free to re-open this bug.
Thanks,
--
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
--- End Message ---
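
The distinction drawn in the reply, between the groups a running session carries and the groups the name service resolves for an account, can be checked directly. The following is an added example, not part of the original thread or of libnss-ldap; the function names are hypothetical, and the two GID lists are copied from the report as sample input.

```python
import os
import pwd


def process_groups():
    """GIDs attached to this process: the view `id -G` (no user) prints.

    These were fixed when the session started and do not change when the
    directory is edited afterwards.
    """
    return {os.getgid(), os.getegid(), *os.getgroups()}


def database_groups(user):
    """GIDs NSS resolves for `user` right now: the view `id -G user` prints."""
    primary = pwd.getpwnam(user).pw_gid
    return set(os.getgrouplist(user, primary))


def compare(session, database):
    """Split the two views into GIDs seen only in one of them."""
    session, database = set(session), set(database)
    return {
        "session_only": sorted(session - database),
        "database_only": sorted(database - session),
    }


# Sample input: the two outputs quoted in the bug report.
REPORT_AS_USER = [513, 1027, 1029, 1073, 1112, 14091, 19901,
                  22150, 43236, 55873, 60223]
REPORT_AS_ROOT = [513, 22150, 43236, 19901, 1027, 1029, 1073, 1112]

if __name__ == "__main__":
    print("from the report:", compare(REPORT_AS_USER, REPORT_AS_ROOT))
    # Same comparison for the account running this script.
    me = pwd.getpwuid(os.getuid()).pw_name
    print("this process:   ", compare(process_groups(), database_groups(me)))
```

A non-empty `session_only` list means the session holds memberships the name service does not return for the account; a non-empty `database_only` list means the directory grants groups the session has not picked up.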