Is this something that will cause an issue with ACL/DIACAP restrictions? I'm not sure if you know what those are, but correct me if I'm wrong.

Thanks.

On 1/14/13 10:44 AM, "Doug Tucker" <tuckerd@xxxxxxxxxxxx> wrote:

>It's not going to show you the ldap users, only the local ones.
>
>Sincerely,
>
>Doug Tucker
>
>On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
>> The id <ldap-user-name> command works just fine. That is not where I
>> am having the issue. The issue lies in the local Users and Groups
>> list in the RHEL client.
>>
>> When I click through System->Administration->Users and Groups, the
>> ldap-user-name is not showing up on that list. How do I get it to
>> show up on that list? This is a concern to me because my bosses are
>> questioning whether the ldap-user-name I created has proper ACL
>> privileges and would meet DIACAP requirements.
>>
>> Thanks,
>>
>> Rohit
>>
>> From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Monday, January 7, 2013 1:43 PM
>> To: "General discussion list for the 389 Directory server project."
>> <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: How to set up 389 client
>>
>> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd
>> is configured properly this command has to work. Moreover, while you
>> execute this command watch /var/log/secure.log for any error messages.
>>
>> Also disable selinux/Firewall and test.
>>
>> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>>
>>     I configured everything with SSSD as you suggested. I'm able to
>>     do successful logins authenticating against the LDAP server, but
>>     when I check the Users and Groups list on the client machine, that
>>     newly created user isn't added. Thoughts?
>>
>>     Thanks.
>>
>>     From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>>     Reply-To: "General discussion list for the 389 Directory server
>>     project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>     Date: Monday, January 7, 2013 1:36 PM
>>     To: "General discussion list for the 389 Directory server
>>     project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>     Subject: Re: How to set up 389 client
>>
>>     Are you using SSSD on client side or PADL/NSS?
>>
>>     On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>>
>>         I do specify the POSIX properties on the LDAP side. But when
>>         I log in with that created user on the client side and check
>>         the Users and Groups list on the client machine, it is not
>>         listed there. I did avoid the warning message by adding the
>>         LDAP user to a group that already exists. I want the user I
>>         create in LDAP to become listed in the Users and Groups list
>>         on the client (for ACL purposes, if you know anything
>>         regarding meeting DIACAP guidelines). Did I miss something?
>>
>>         Thanks
>>
>>         From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>>         Reply-To: "General discussion list for the 389 Directory
>>         server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>         Date: Monday, January 7, 2013 11:39 AM
>>         To: "General discussion list for the 389 Directory server
>>         project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>         Subject: Re: How to set up 389 client
>>
>>         Hello Rohit,
>>
>>         While creating users you also need to specify POSIX properties
>>         for the user.
>>
>>         In admin console you need to fill out posix properties details
>>         while creating the user. Also make sure you create posix
>>         groups and associate these new users with the group ID,
>>         otherwise at login time you may get some warning message
>>         like "id: Group does not exist".
>>
>>         --
>>         http://about.me/chandank
>>
>>         On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
>>         <Rohit.Chaudhari@xxxxxxxxxx> wrote:
>>
>>             Hey Chandan,
>>
>>             So I got the RHEL client working, but I have an
>>             outstanding issue. When I look at the users/groups
>>             setting on the client machine, the newly created user that
>>             I made on the RHEL LDAP server does not show up on the
>>             list. Is this how it is supposed to work? If not, how do
>>             I get an LDAP user to become a part of the users and groups
>>             list on the RHEL client?
>>
>>             Thanks,
>>
>>             Rohit
>>
>>             From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>>             Reply-To: "General discussion list for the 389 Directory
>>             server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>             Date: Thursday, December 20, 2012 6:21 PM
>>             To: "General discussion list for the 389 Directory server
>>             project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>>             Subject: Re: How to set up 389 client
>>
>>             Yes, you do need to replace it with SSSD. If you are having a
>>             fresh Centos install, by default it is sssd only.
>>
>>             Best way would be to use the authconfig tool as it changes
>>             all related files and you don't have to manually change
>>             all of them. Moreover, you also need to change the nss.conf
>>             file and make sure groups/users do have sssd instead of
>>             ldap.
>>
>>             From RHEL 6.4 sssd will be fully supported and it gives
>>             better performance if you intend to integrate many
>>             applications with LDAP as it does not open multiple
>>             connections with the directory server.
>>
>>             I will look at that guide again and will try to improve it.
>>
>>             On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
>>
>>                 Okay I will try checking those parameters.
>>                 I am doing sssd, I used ldap pan before in CentOS 6 and that ha
>>
>> --
>> http://about.me/chandank
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
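
Added example, not part of the thread or of the 389 project: a shell check that separates accounts listed in the local passwd file from accounts that only resolve through NSS (the `id`/`getent` path used with SSSD), which is the distinction behind the symptom discussed above. The user `jdoe`, the stub lookup and the sample files are constructed; on a real client the defaults (`/etc/passwd`, `/etc/nsswitch.conf`, `getent`) apply.

```shell
#!/bin/sh
# Added example: where does an account come from on an SSSD client?
# The defaults point at the real files; they are overridable so the
# demo can run offline on constructed data.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
NSSWITCH=${NSSWITCH:-/etc/nsswitch.conf}
GETENT=${GETENT:-getent}        # a stub replaces this in the demo

# Print the sources configured for one NSS database (passwd, group, ...),
# skipping comments and action items such as [NOTFOUND=return].
nss_sources() {                 # $1 = database name
    awk -v db="$1:" '$1 == db { sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' "$NSSWITCH"
}

# Succeed if the user has an entry in the local passwd file.
in_local_files() {              # $1 = user name
    awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "$PASSWD_FILE"
}

# local     -> present in the local passwd file
# directory -> absent locally but resolved through NSS (e.g. the sss source)
# unknown   -> no configured source returns the account
account_origin() {              # $1 = user name
    if in_local_files "$1"; then echo local
    elif $GETENT passwd "$1" >/dev/null 2>&1; then echo directory
    else echo unknown
    fi
}

demo() {                        # constructed sample data only
    d=$(mktemp -d) || return 1
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd"
    printf 'passwd: files sss\ngroup: files sss\n' > "$d/nsswitch.conf"
    # Stub standing in for getent: knows root and a hypothetical LDAP user.
    stub_getent() { [ "$2" = root ] || [ "$2" = jdoe ]; }
    PASSWD_FILE=$d/passwd NSSWITCH=$d/nsswitch.conf GETENT=stub_getent
    echo "passwd sources: $(nss_sources passwd | tr '\n' ' ')"
    for u in root jdoe ghost; do
        printf '%s: %s\n' "$u" "$(account_origin "$u")"
    done
    rm -rf "$d"
}
demo
```
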