ldapsearch appears to be fine:

[root@ldap bin]# ./ldapsearch -b "dc=fontenotshome,dc=org" "objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org

dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
[root@ldap bin]#

and the logs don't show any errors. Does this thing do caching and if so how can it be cleared, reset, etc...

On Wed, 2008-01-02 at 17:11 -0500, Satish Chetty wrote:
> Paul,
> You can do a few things to debug...
>
> * Check the server log to see what happens...
> * Do the same with ldapsearch and see if you get results. Ex. ldapsearch
> -h myhost -p 389 -b "dc=example, dc=com" "objectclass=posixgroup" etc...
> * Check /etc/nsswitch.conf to make sure the 'ldap' is included in the
> search order (if you use authconfig on Linux it will set it for you).
>
> -Satish.
>
> Paul Fontenot wrote:
> > Thanks Satish,
> >
> > I have added all this (including the shadowAccount attribute). getent
> > passwd / shadow work correctly but group still does not. I'm off to find
> > documentation...
> >
> > Thanks,
> >
> > -Paul
> >
> > On Wed, 2008-01-02 at 16:44 -0500, Satish Chetty wrote:
> >> Paul,
> >> Go to the group entry. Right click and select 'Advanced properties'.
> >> Click on objectclass and click 'Add Value'. It should list all
> >> objectclasses you can add.
> >>
> >> -Satish.
> >>
> >> Paul Fontenot wrote:
> >>> I'm *assuming* you mean somewhere other than here (in the attached png
> >>> file). When I go to create the group and attempt to add the posixgroup
> >>> object class I do not see that option anywhere - lots of other things
> >>> though. I will go back to hunting the information on the fedora site as
> >>> well.
> >>>
> >>> Thanks for the help,
> >>>
> >>> -Paul
> >>>
> >>> On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
> >>>> Paul,
> >>>> You have to create a group in ldap, then add the posixgroup object
> >>>> class. If you do this thru the admin console, you will then see a
> >>>> text box appear called gidnumber. In that box enter whatever gid you
> >>>> wish to use.
> >>>>
> >>>> Aaron
> >>>>
> >>>> Paul Fontenot wrote:
> >>>>> Thanks Aaron,
> >>>>>
> >>>>> That's what has me stumped, the GID is there (that's the 500). I guess
> >>>>> what has me confused is I can't figure out how to tie that number to a
> >>>>> group and have it show in the getent group query.
> >>>>>
> >>>>> -Paul
> >>>>>
> >>>>> On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
> >>>>>
> >>>>>> Paul,
> >>>>>> You probably need to assign a gidnumber (posixgroup attribute) to your
> >>>>>> primary ldap group. I've noticed that linux boxes only recognize group
> >>>>>> memberships for groups that have gid's.
> >>>>>>
> >>>>>> Aaron
> >>>>>>
> >>>>>> Paul Fontenot wrote:
> >>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I've searched high and low and found a couple references to the problem I
> >>>>>>> have but no solutions.
> >>>>>>>
> >>>>>>> If I issue 'getent passwd' I can see all the ldap users, if I issue a
> >>>>>>> getent group I cannot see any of the ldap groups. When I log into one of
> >>>>>>> my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
> >>>>>>> ldap group).
> >>>>>>>
> >>>>>>> What would cause this issue? I've been beating my head against it for a
> >>>>>>> couple days and decided to turn to the experts.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>>
> >>>>>>> Paul
> >>>>>>>
> >>>>>>> --
> >>>>>>> Fedora-directory-users mailing list
> >>>>>>> Fedora-directory-users@xxxxxxxxxx
> >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>> --
> >>>> Aaron Bliss
> >>>> Systems Administrator
> >>>> SUNY Brockport
> >>>> (585) 395-2417
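
Added example, not part of the original thread: two of the checks suggested above (what ldapsearch returns for posixgroup entries, and whether 'ldap' is in the /etc/nsswitch.conf search order) written as shell functions and run on embedded sample input. The function names and the nsswitch.conf contents are constructed for illustration; the LDIF is reduced from the ldapsearch output in the message.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for missing LDAP groups.

# nss_has_source FILE DB SOURCE: succeed if DB's line in FILE lists SOURCE.
nss_has_source() {
    awk -v db="$2:" -v src="$3" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# ldif_posix_groups: LDIF on stdin -> one "cn:gidNumber" line per posixGroup.
ldif_posix_groups() {
    awk '
        function emit() {
            if (posix && cn != "" && gid != "") print cn ":" gid
            posix = 0; cn = ""; gid = ""
        }
        /^dn:/ { emit() }                        # a new entry starts here
        tolower($0) ~ /^objectclass:[ \t]*posixgroup[ \t]*$/ { posix = 1 }
        tolower($1) == "cn:"        { cn = $0; sub(/^[^:]*:[ \t]*/, "", cn) }
        tolower($1) == "gidnumber:" { gid = $2 }
        END { emit() }'
}

# group_for_gid GID: LDIF on stdin -> name of the posixGroup with that GID.
group_for_gid() {
    ldif_posix_groups |
        awk -F: -v gid="$1" '$2 == gid { print $1; ok = 1 } END { exit ok ? 0 : 1 }'
}

# The two entries from the ldapsearch output above, reduced to what is parsed.
sample_ldif() {
    cat <<'EOF'
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750

dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
EOF
}

# Constructed nsswitch.conf: passwd and shadow use ldap, group does not.
conf=$(mktemp) && printf 'passwd: files ldap\nshadow: files ldap\ngroup: files\n' > "$conf"
echo "directory maps GID 500 to: $(sample_ldif | group_for_gid 500)"
if nss_has_source "$conf" group ldap; then echo "group: ldap listed"; else echo "group: ldap missing from search order"; fi
rm -f "$conf"
```

On a live client, the output of the thread's ldapsearch command can be piped into group_for_gid, and nss_has_source pointed at /etc/nsswitch.conf.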