On Wed, 2008-05-28 at 13:51 -0400, Ryan Golhar wrote:
> Hi all,
>
> I have RHEL 5 running as an LDAP server, and am trying to configure a
> second server to mimic the first one. I have created multiple groups in
> LDAP and assigned various users to these groups. On the second server,
> running 'id' from the shell doesn't show those secondary groups.

What LDAP product are you using (openldap, FDS, Apache DS, etc)?

> I thought there might be something wrong with nsswitch.conf, but 'getent
> group' is reporting the secondary groups and the users but with a 'x' in
> the second field:

RHEL provides a nifty lazy tool system-config-authentication which in my experience works 100% of the time with LDAP. You may want to give it a look for the setup bits, it eliminates typos and is all around successful.

> users:x:500:user1,user2,user3
>
> whereas on the first server, I see:
>
> users:*:500:user1,user2,user3
> Why the difference in the second field?

This is just different shadow syntax, both of these point the password field to gshadow, nothing to worry about.

> 'id' doesn't report the secondary groups either. 'id' on the first LDAP
> server shows something like:
>
> uid=501(golharam) gid=501(sansuser)
> groups=500(users),501(sansuser),85(cvs) context=user_u:system_r:unconfined_t
>
> On the second LDAP server, I get:
> uid=501(golharam) gid=500(users) groups=500(users)
> context=user_u:system_r:unconfined_t
>
> There should be a second group as 'cvs' with gid=85. Does anyone know
> why I wouldn't see secondary groups in my second LDAP server?

This very much depends on how exactly the entry is listed in your ldap database.

Pat