Hi I have been more test with the same result. I can confirm, that with the same configuration in the client, if the server is upgraded, the error is thrown. I have opened a bug: https://bugzilla.redhat.com/show_bug.cgi?id=596058 Regards. 2010/5/4 Rich Megginson <rmeggins at redhat.com> > Juan Asensio S?nchez wrote: > > > > > > 2010/5/3 Rich Megginson <rmeggins at redhat.com <mailto:rmeggins at redhat.com > >> > > > > Juan Asensio S?nchez wrote: > > > Hi > > > > > > 2010/5/3 Rich Megginson <rmeggins at redhat.com > > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com > > <mailto:rmeggins at redhat.com>>> > > > > > > > We are having trouble since we have updated from version > > 1.1.3 to > > > > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients > > into LDAP. > > > > When we try to make "getent group", we only get one group > > and its > > > > members, but no the rest of the groups (should be more > > than 1000 > > > groups). > > > What platform? 32-bit or 64-bit? > > > How many groups? Do you only get this error when you > > attempt a search > > > to return this many groups? > > > > > > > > > "getent group" should return the local groups (that are show > > fine) and > > > about 729 LDAP groups. > > How many groups total? Roughly how many members? I'm trying to get > > some idea about how many entries and how many bytes should be > > returned. > > > If I do the same search with the command ldapsearch, > > ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ? > > > > > > I run these queries: > > > > Total groups: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,XXXXXXX=es" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E "^dn:" | wc -l > > 729 > > > > Total members: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E -i > > "^uniquemember:" | wc -l > > 23348 > > > > Total unique members: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E -i > > "^uniquemember:" | sort | uniq | wc -l > > 9365 > So it appears that using ldapsearch with ldaps returns the correct > information, it's just that getent does not? both ldapsearch and getent > go through the same ldap + openssl libraries, both bind as "application > manager", it's mostly the same code path, so I'm not sure why getent > would behave differently. I'm assuming you don't see the same incorrect > Message Authentication Code error when you use ldapsearch. > > Please file a bug - https://bugzilla.redhat.com/enter_bug.cgi?product=389 > > ------------------------------------------------------------------------ > > > > -- > > 389 users mailing list > > 389-users at lists.fedoraproject.org > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100526/1b5ea8dd/attachment.html
