Joerg,

Yeah.. I just discovered my problem was that I wasn't putting appropriate groups into my groups OU when adding users. My mistake. (Doh!)

Thanks for your email!

- Don

>>> Joerg Pulz <[EMAIL PROTECTED]> 04/25/05 12:15PM >>>

On Mon, 25 Apr 2005, Don Brearley wrote:

> Hello,
>
> I am having some problems with OpenLDAP 2.2.25 and FreeBSD 5.3.
>
> I can currently authenticate against my ldap db, and utilities like id and
> chown work with no problem.
>
> The problem is gid to group name mapping. In my ldif files, I can have a
> "uid" entry and a "uidNumber" entry. It would look something like this:
>
> uid: testuser
> uidNumber: 2001
>
> and that works. I cannot have a group entry of the same.
>
> gid: testgroup
> gidNumber: 2001
>
> OpenLDAP would complain that it couldn't read this file properly.. not until
> the "gid:testgroup" entry was removed.
>
> When I attempt to use an app like "chown" I have to specify the actual
> gid number, eg:
>
> chown -R testuser:2001 /home/testuser
>
> I was wondering if anyone had found a way to have it so that you could
> just enter it by name, and not by number. eg:
>
> chown -R testuser:testgroup /home/testuser
>
> Obviously I would have to add a gid entry in my schema file, but I am left
> wondering why this isn't already in there.. I don't want to spend a few hours
> trying to re-invent the wheel when there is already a reason for it to
> not be in there.
>
> Any help or light on this situation is deeply appreciated. If you need more
> information, please let me know and I shall provide it.

Hi,

I have authentication against OpenLDAP running a long time now and did not
experience such a thing. I have split the user and group information into two
separate trees. An example user and the group entry look like this:

--- the user
dn: uid=testuser,ou=People,dc=domain,dc=tld
objectClass: top
objectClass: posixAccount
uidNumber: 2001
gecos: Test User
loginShell: /bin/tcsh
uid: testuser
cn: Test User
gidNumber: 2001
homeDirectory: /home/testuser
userPassword: some_password

--- the group
dn: cn=testgroup,ou=Group,dc=domain,dc=tld
objectClass: posixGroup
objectClass: top
cn: testgroup
userPassword: *
gidNumber: 2001
description: Local Unix group

If you configure nss_ldap to the following you will be able to chown(8) with
names instead of numbers, and id(1) should give you names for the groups too.

--- nss_ldap.conf
nss_base_passwd ou=People,dc=domain,dc=tld?one
nss_base_group ou=Group,dc=domain,dc=tld?one

If I understand your comments right, you have tried to add a "gid" attribute to
the user account with objectClass posixAccount, but this will not work. Only the
numeric gidNumber is allowed for this objectClass. It behaves like flat Unix
passwd(5) and group(5) files, where the numeric gidNumber is stored in passwd(5)
and this number is resolved using the group(5) file.

Please think about it ;-) and try the things above.

Joerg

--
The beginning is the most important part of the work. -Plato

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
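As an added illustration (not code from the thread or from OpenLDAP), the script below parses LDIF entries shaped like Joerg's, checks each against the RFC 2307 posixAccount/posixGroup attribute sets (which is why an undefined "gid:" line on a user entry is rejected), and resolves a gidNumber to a group name across separate People/Group trees the way nss_ldap does for chown(8) and id(1). The LDIF is constructed for the example; the attribute sets are taken from RFC 2307.

```python
import re
# RFC 2307 attribute sets (MUST, MAY) for the two object classes in the reply
SCHEMA = {
    "posixAccount": ({"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     {"userPassword", "loginShell", "gecos", "description"}),
    "posixGroup": ({"cn", "gidNumber"},
                   {"userPassword", "memberUid", "description"}),
}
# Constructed LDIF modelled on the reply: users and groups in separate trees
LDIF = """\
dn: uid=testuser,ou=People,dc=domain,dc=tld
objectClass: posixAccount
uid: testuser
cn: Test User
uidNumber: 2001
gidNumber: 2001
homeDirectory: /home/testuser

dn: cn=testgroup,ou=Group,dc=domain,dc=tld
objectClass: posixGroup
cn: testgroup
gidNumber: 2001
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def schema_errors(entry):
    """Mimic slapd's check: attributes the schema does not define, then missing MUSTs."""
    classes = [c for c in entry.get("objectClass", []) if c in SCHEMA]
    must = set().union(*(SCHEMA[c][0] for c in classes))
    allowed = must | {"dn", "objectClass"} | set().union(*(SCHEMA[c][1] for c in classes))
    return ([f"attribute '{a}' not defined in schema" for a in entry if a not in allowed]
            + [f"missing required '{a}'" for a in must if a not in entry])

def gid_to_name(entries, gid):
    """Resolve a numeric gid through the posixGroup tree, as getgrgid(3) does via nss_ldap."""
    for e in entries:
        if "posixGroup" in e.get("objectClass", []) and e.get("gidNumber") == [str(gid)]:
            return e["cn"][0]
    return None
```

Adding `gid: testgroup` to the user entry, as in the original post, makes `schema_errors` report an undefined attribute, while the numeric `gidNumber` resolves cleanly through the group tree.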