Juan Asensio S?nchez wrote: > > > 2010/5/3 Rich Megginson <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> > > Juan Asensio S?nchez wrote: > > Hi > > > > 2010/5/3 Rich Megginson <rmeggins at redhat.com > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com > <mailto:rmeggins at redhat.com>>> > > > > > We are having trouble since we have updated from version > 1.1.3 to > > > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients > into LDAP. > > > When we try to make "getent group", we only get one group > and its > > > members, but no the rest of the groups (should be more > than 1000 > > groups). > > What platform? 32-bit or 64-bit? > > How many groups? Do you only get this error when you > attempt a search > > to return this many groups? > > > > > > "getent group" should return the local groups (that are show > fine) and > > about 729 LDAP groups. > How many groups total? Roughly how many members? I'm trying to get > some idea about how many entries and how many bytes should be > returned. > > If I do the same search with the command ldapsearch, > ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ? > > > I run these queries: > > Total groups: > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,XXXXXXX=es" -D "cn=Application > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > userPassword memberUid uniqueMember gidNumber | grep -E "^dn:" | wc -l > 729 > > Total members: > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > userPassword memberUid uniqueMember gidNumber | grep -E -i > "^uniquemember:" | wc -l > 23348 > > Total unique members: > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > userPassword memberUid uniqueMember gidNumber | grep -E -i > "^uniquemember:" | sort | uniq | wc -l > 9365 So it appears that using ldapsearch with ldaps returns the correct information, it's just that getent does not? both ldapsearch and getent go through the same ldap + openssl libraries, both bind as "application manager", it's mostly the same code path, so I'm not sure why getent would behave differently. I'm assuming you don't see the same incorrect Message Authentication Code error when you use ldapsearch. Please file a bug - https://bugzilla.redhat.com/enter_bug.cgi?product=389 > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users
