On Mar 3, 2014, at 3:14 PM, Israel Brewster <isr...@eraalaska.net> wrote:
> I am working on setting up my OpenBSD 5.2 box to connect to my company LDAP
> server (Mac OS X 10.8.5 OpenDirectory). I have successfully installed
> login_ldap from ports and configured ypldap and the login.conf file such that
> I can now authenticate as any of my ldap users. However, when ypldap pulls in
> the group membership information from my LDAP server, it appears to be cutting
> off the group membership listing at 1024 characters. The end result is that
> only about half of my users are actually showing up as members of the
> appropriate group(s). I have confirmed this not only by behavior (sftp is not
> chrooted for some users even though I have the proper entries to match the
> group in sshd_conf), but also by using the userinfo command: userinfo for a
> user that shows up in the first 1024 characters of the group membership
> listing properly shows the user as a member of the group. userinfo for a user
> that does not show up in the first 1024 characters shows the user as only being
> part of the default group (staff in this case). How can I get ypldap to show
> the full member listing?
> -----------------------------------------------
> Israel Brewster
> Computer Support Technician II
> Era Alaska
> 5245 Airport Industrial Rd
> Fairbanks, AK 99709
> (907) 450-7250 x7293
> -----------------------------------------------
>

I was thinking: is there any chance this is due to a problem with the Apple OpenDirectory LDAP, and not with ypldap? When I use an LDAP browser such as explorer, it shows all the groups, but perhaps it works differently. Any suggestions would be appreciated, as right now the LDAP binding is useless, and if I can't get this working I'll have to start over on a different OS where I can make this work - which will not be fun :-(. Thanks.
-----------------------------------------------
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
-----------------------------------------------
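
One way to confirm the truncation described in the message above, as an added example that is not part of the original post: compare the group(5) line the client sees (for instance from `ypcat group`) with the member list read from the directory, and report who is missing and whether the cut lands at 1024 characters. The group name `sftponly`, the gid, the user names and the assumption that the limit applies to the member field or the whole line are constructed for illustration.

```python
# Added diagnostic example; not code from the original message.
LIMIT = 1024  # cut-off length reported in the message


def parse_group_line(line):
    """Split a group(5) entry: name:passwd:gid:member,member,..."""
    name, _passwd, gid, field = line.rstrip("\n").split(":", 3)
    return name, int(gid), field


def audit_group(client_line, ldap_members, limit=LIMIT):
    """Compare the entry the client sees with the directory's member list."""
    name, gid, field = parse_group_line(client_line)
    seen = [m for m in field.split(",") if m]
    known, seen_set = set(ldap_members), set(seen)
    # Members the directory lists but the client never received.
    missing = [m for m in ldap_members if m not in seen_set]
    # A last name unknown to the directory may be a name cut in half.
    partial = seen[-1] if seen and seen[-1] not in known else None
    line_len = len(client_line.rstrip("\n"))
    at_limit = any(limit - 1 <= n <= limit for n in (len(field), line_len))
    return {
        "group": name,
        "gid": gid,
        "line_length": line_len,
        "member_field_length": len(field),
        "missing": missing,
        "partial_last_member": partial,
        # Missing members plus a length at the limit points at a fixed buffer.
        "suspect_truncation": bool(missing) and at_limit,
    }


def build_sample():
    """Constructed data: 200 directory members, client copy cut at LIMIT."""
    members = ["u%04d" % i for i in range(200)]
    prefix = "sftponly:*:1001:"
    full = prefix + ",".join(members)
    cut = prefix + ",".join(members)[:LIMIT]
    return members, full, cut


if __name__ == "__main__":
    members, full, cut = build_sample()
    for label, line in (("complete", full), ("truncated", cut)):
        r = audit_group(line, members)
        print(label, r["member_field_length"], len(r["missing"]),
              r["partial_last_member"], r["suspect_truncation"])
```

Every name in `missing` is a user for whom group-based rules such as the sshd chroot match will silently not apply, so the list doubles as the set of accounts to review.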