Alright, I solved the problem. And for the sake of others who may follow in my wake, here's the answer: When you create the group, you must add the objectclass type posixGroup (which then allows define the group number, which is where you get the gid to group name mapping). 1. Open Directory Server COnsole 2. Click the Directory tab 3. Expand your base dn 4. Highlight Groups 5. In the right pane, right click and select add group 6. Click the advanced tab 7. Click in one of the fields where it says Object class (top or groupofuniquenames) 8. Click Add Value 9. Select posixGroup, then OK 10. Now you have a field gidnumber, which you can fill in. I'm sure there's a good reason why this isn't included by default during group creation, but I can't think of it right now. I suppose it would be kind of a pain if you weren't trying to create a posix group but were required to provide such information as gidnumber. ---------- Forwarded message ---------- From: Brandon Young <bkyoung at gmail.com> Date: Jan 23, 2007 3:20 PM Subject: group mapping issue To: Fedora-directory-users at redhat.com I have recently attempted to set up a Fedora Directory Server for evaluation as a replacement for NIS. Overall, the set up process was pretty painless. I spent some time reading the Installation Guide, Administrator's Guide, and Deployment Guide beforehand. Additionally, I tracked down this wonderful guide (http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-26072006.html) which seemed like exactly what I needed. I am trying to (ultimately) set up a directory service which provides user authentication for Linux and OS X clients. The problem I have run in to is the following: when I issue the command `ls`, I see the following: ~$ ls -l total 1 drwxr-xr-x 2 bky 1676 336 Jan 23 09:12 Desktop drwxr-xr-x 4 bky 1676 216 Jan 17 10:24 Documents drwx------ 19 bky 1676 544 Jan 22 12:19 Library drwxr-xr-x 2 bky 1676 48 Jan 17 08:33 Movies drwxr-xr-x 3 bky 1676 72 Jan 17 09:45 Music drwxr-xr-x 2 bky 1676 48 Jan 17 08:30 Pictures drwxrwxr-x 2 bky 1676 96 Dec 20 14:29 bin drwxrwxr-x 3 bky 1676 72 Dec 20 15:53 svn drwxr-xr-x 2 bky 1676 48 Jan 17 09:48 vmware ~$ if I issue the 'groups' command for the user, it tells me: # groups bky id: cannot find name for group ID 1676 # So, it seems obvious to me that group mappings are not configured correctly. On the client side, I am using a CentOS 4.4 machine, configured to use ldap using system-config-authentication, and further tweaking /etc/ldap.conf values for nss_base_passwd, nss_base_shadow, and nss_base_group. Further, in digging through the mailing list archives I found a suggestion to make sure pam_member_attribute was set to uniqueMember -- which I tried, to no avail. I also tried starting nscd which does not fix it (but I didn't really feel like that was the problem, anyway). I will further mention here that the ldap-client package is installed and I have not tried to configure SSL or TLS, yet. So, with that in mind ... what very obvious thing am I missing? Has anyone seen and resolved this issue for themselves? Any help would be greatly appreciated. -- Brandon -- Brandon
