On Mon, Oct 24, 2011 at 06:56:27PM +0200, account@xxxxxxxxxxx wrote: > Hello, we run several 389 DirectoryServer with a master slave replication. > > To support our old solaris enviroment we use > "https://fedorahosted.org/slapi-nis/"; for NIS: > I use slapi-nis 0.26 from the Fedorarepository (src rpm) and compiled > it for RH5. Solaris and other types of machines are running well. "id > user" and "groups user" ist working. But I get with command "ypcat > groups" doubled user entries for each group. > > When I have a group for example: group "test1" with user "user1 user2" > I get with ypcat group | grep test1: > test1: user1 user2 user1 user2 That looks to be formatted very oddly. Hopefully you munged it that way, but it's hard to tell. > When I execute the command: id user1 I get test1 only once. > > In our dse.ldif I have following entries for group.byname: > dn: nis-domain=xxxx+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=config > objectClass: extensibleObject > objectClass: top > nis-domain: xxxx > nis-map: group.byname > nis-base: ou=Groups, dc=yyyyy, dc=com > > and group.gid > dn: nis-domain=xxxx+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=config > objectClass: extensibleObject > objectClass: top > nis-domain: xxxx > nis-map: group.bygid > nis-base: ou=Groups, dc=yyyyy, dc=com > > > With LDAP I get: > [root@NIS2LDAP ~]# ldapsearch -x -h localhost -s base -b > "cn=test1,ou=groups,dc=yyyyy,dc=com" > # extended LDIF > # > # LDAPv3 > # base <cn=test1,ou=groups,dc=yyyyy,dc=com> with scope baseObject > # filter: (objectclass=*) > # requesting: ALL > # > > # test1, Groups, yyyyy.com > dn: cn=test1,ou=Groups,dc=yyyyy,dc=com > objectClass: posixGroup > objectClass: top > objectClass: groupOfUniqueNames > cn: tiger > gidNumber: 484 > memberUid: user1 > memberUid: user2 > uniqueMember: uid=user1,ou=People,dc=yyyyy,dc=com > uniqueMember: uid=user2,ou=People,dc=yyyyy,dc=com > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > Is memberUid / uniqueMember a problem ? It shouldn't be breaking anything, but it appears that you're getting both the group's "memberUid" values and the "uid" values from its "uniqueMember" values, all showing up in the group entries. The NIS server plugin should probably offer a way to prune out duplicate values, and possibly do so by default in places like lists of group members. (The Schema Compatibility plugin already does this because the APIs that Directory Server provides do this for it automatically.) Cheers, Nalin -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
