I use the memberuid attribute: to be as clear as possible I'll paste
here the ldif.
I hope it will be useful.
This is the ldif of the user
# entry-id: 709
dn: uid=user,ou=ssh,c=it,o=organisation
modifyTimestamp: 20100331104156Z
modifiersName: cn=directory manager
gidNumber: 601
uidNumber: 496
cn: user
passwordGraceUserTime: 0
userPassword: {SHA}TytvRdv..<cut>
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2..<cut>
gecos: user
homeDirectory: /home/user
host: server_hostname
loginShell: /bin/bash
objectClass: top
objectClass: posixaccount
objectClass: shadowaccount
objectClass: hostobject
objectClass: account
objectClass: sudorole
objectClass: ldappublickey
sudoCommand:
sudoHost:
sudoOption:
sudoRunAs:
sudoUser:
uid: user
creatorsName: cn=directory manager
createTimestamp: 20100316092928Z
nsUniqueId: 51f09b01-1dd2..<cut>
These are the ldifs of the groups:
# entry-id: 742
dn: cn=group2, ou=ssh, c=it, o=organisation
modifyTimestamp: 20100331134146Z
modifiersName: cn=directory manager
memberUid: 496
memberUid: 494
gidNumber: 600
objectClass: top
objectClass: posixgroup
cn: group2
creatorsName: cn=directory manager
createTimestamp: 20100331083223Z
nsUniqueId: e55dca81-1dd11..<cut>
# entry-id: 743
dn: cn=group1,ou=ssh, c=it, o=organisation
gidNumber: 601
objectClass: top
objectClass: posixgroup
cn: group1
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20100331083429Z
modifyTimestamp: 20100331083429Z
nsUniqueId: 2ce45681-1dd2..<cut>
2010/4/2 Renato Ribeiro da Silva <capareci@xxxxxxxxxx>:
> Are you sing the memberuid or the uniquemember attribute in the ldap? What
> are the values?
>
>
>
> Renato
>
> Em 02/04/2010 11:38, Marco Strullato < marco.strullato@xxxxxxxxx > escreveu:
> Thanks for the answer but I already disabled nscd...
>
> Marco
>
> 2010/4/2 Renato Ribeiro da Silva :
>> Marco,
>>
>> Try to stop the the nscd service. Sometimes it gives you the wrong
>> information.
>>
>>
>>
>> Regards,
>>
>> Renato
>>
>>
>>
>>
>>
>> Em 02/04/2010 07:27, Marco Strullato < marco.strullato@xxxxxxxxx >
>> escreveu:
>> Hi all,
>> I'm using fedora ds as authentication server for my network. I've
>> configured the environment so that linux gets users and groups
>> information from the ldap.
>> The problem is that I'm getting incomplete information! groups
>> definitions are missing.
>>
>> I'll give you an example: a user has a uid, a primary gid and
>> secondary gids. I'm not getting secondary gids.
>>
>> I would like "user" to be member of "group1" and "group2". If I ask
>> the ldap with getent I get these information:
>>
>> getent passwd user
>> user:x:496:601:user:/home/user:/bin/bash
>>
>> getent group group1
>> group1:*:601:
>>
>> getent group group2
>> group2:*:600:496,494
>>
>> as you can see user has id 496 and gid 601. user is member also of
>> group2 ( gid 600)
>>
>> But if I query the system about the "user", I get:
>>
>> id user
>> uid=496(user) gid=601(group1) groups=601(group1)
>>
>>
>> Have you ever seen this behaviour? Have you got suggestions?
>>
>>
>> Regards,
>>
>> Marco
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxx t.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
>
> --
> Marco Strullato
> cell: +393288462393
> skype: marco.strullato
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
Marco Strullato
cell: +393288462393
skype: marco.strullato
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
