getent group doesnt show any ldap groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2010-05-04 at 20:13 -0400, Rick Dicaire wrote:
> On Tue, May 4, 2010 at 7:31 PM, John A. Sullivan III
> <jsullivan at opensourcedevel.com> wrote:
> > Sure - go to the advanced properties of the group.  Look at the
> > objectclass attribute.  If it does not contain posixgroup (I believe
> > that's the correct value - I'm not looking at my 389 right now), click
> > in the list of values and then click add value.  Choose posixgroup from
> > the list.
> >
> > Then click on add attribute and choose memberuid from the list.  There
> > will be a blank field for memberuid.  Enter the first uid.  To enter
> > additional uids, click add value and enter the new uid - John
> 
> John, thanks, this is great....I decided to try something based on
> this. Since both users I'd added have the same gid, I noticed a
> gidnumber field was added when I added posixgroup to Object class. I
> set this fields value to that of the users gid. I removed the
> previously added memberuid attribute that had the uid vaules of the
> two users:
> 
> ardy at daw1~$ getent group guitar
> guitar:*:1200:graz,mraz
> ardy at daw1~$ id graz
> uid=1200(graz) gid=1200(guitar) groups=1200(guitar)
> ardy at daw1~$ id mraz
> uid=1201(mraz) gid=1200(guitar) groups=1200(guitar)
> 
> Seems to me, at this juncture, its unnecessary to add the memberuid
> attribute and fill it with uid values?
> 
> Some more experimenting, added another group, added posixgroup to
> Object class, set the gidnumber for the group, added the same two
> users to it:
> 
> ardy at daw1~$ getent group amplifier
> amplifier:*:1201:graz,mraz
> ardy at daw1~$ id graz
> uid=1200(graz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
> ardy at daw1~$ id mraz
> uid=1201(mraz) gid=1200(guitar) groups=1200(guitar),1201(amplifier)
> 
> Now, while getent shows all groups for a user, is there a way to see
> all the groups a specific user is in with 389-console, I'm not seeing
> any secondary groups in advanced properties for the user.
> 
> Thanks again John, this really helped!
> 
I'm pulling this out of memory so you may want to verify it.  We do have
a memberof attribute for our users.  I believe it is populated via a
memberof plugin.  There is documentation on it.  We implemented it when
it was first released and it was a little temperamental.  I don't recall
all the issues off-hand but I think it required the users to have an
objectclass which was not added by default - perhaps inetuser.  In any
event, there is good documentation and a very extensive email thread in
the archives.  Glad to be of assistance - John
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux