
importing group on login


judu

Programmer
Aug 2, 2009
FR
Hello!

I have looked almost everywhere else for a solution to my issue... but I couldn't find my answer.

My problem is that I have groups defined in my LDAP database, which I use to authenticate and identify the users on my servers (Ubuntu 9.04 server). When I log in, I would like to "import" the LDAP groups I am in.

The users are defined like this:
Code:
dn: uid=judu,ou=kanop,dc=kan-op,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 2005
uid: judu
cn: my name
loginShell: /bin/bash
gidNumber: 1042
homeDirectory: /home/judu

My groups are like this:
Code:
dn: cn=kroot,ou=groups,dc=kan-op,dc=com
memberUid: judu
gidNumber: 1042
objectClass: posixGroup
objectClass: top
cn: kroot

On the host that runs the OpenLDAP server, "getent group" returns all the groups, including those defined in my LDAP database, and for 5 minutes the users come with their groups!!!

On the other hosts, "getent group" gives me the right groups, but the users don't come with them, and that is really annoying...

I don't see the difference between the ldap.conf (or libnss-ldap.conf, because my LDAP host is a Debian one) files...

Code:
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure libnss-ldap to configure this file.
#
# @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#

# The distinguished name of the search base.
base ou=kanop,dc=kan-op,dc=com

# Another way to specify your LDAP server is to provide an
uri ldap://127.0.0.1:389

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# Please do not put double quotes around it as they
# would be included literally.
binddn cn=proxyuser,dc=kan-op,dc=com

# The credentials to bind with. 
# Optional: default is no credential.
bindpw [the password]

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/libnss-ldap.secret (mode 600)
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
# of an editor to create the file.
rootbinddn cn=admin,dc=kan-op,dc=com

# The user ID attribute (defaults to uid)
pam_login_attribute uid

pam_member_attribute gid

# Use backlinks for answering initgroups()
nss_initgroups backlink

nss_base_passwd		ou=kanop,dc=kan-op,dc=com?sub
nss_base_shadow		ou=kanop,dc=kan-op,dc=com?one
nss_base_group		ou=groups,dc=kan-op,dc=com?one
 
There were some changes!!

The primary groups are loaded!

For example: judu is in the kroot group, with gid 1042, and kroot is defined as judu's primary group. So, when I display judu's groups:
Code:
groups judu

It returns kroot, and it works for the primary groups of other users. But the users are not considered members of other groups, which I get with a "getent group" command...

Hope it will help solve my problem!

Judu

PS: sorry, I forgot to sign in the previous post, and sorry for my writing, I'm French...
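The symptom described in the post (primary group resolved, supplementary posixGroup memberships not) comes down to how initgroups() is answered by the NSS module. The following is an added example, not code from the poster or from nss_ldap: it parses the two LDIF entries shown above (plus a constructed second group, "devs", so that a supplementary membership exists) and resolves judu's group list two ways. The first way searches group entries for memberUid, which is the model the posted posixGroup entries fit. The second way reads group DNs from a backlink attribute on the user entry; the attribute name memberOf is an assumption used only for illustration. Because the posted user entry carries no such attribute, the backlink model can only ever return the primary gidNumber.

```python
"""Added example (not from the Tek-Tips post): resolve a user's supplementary
groups from posixGroup entries the way an NSS initgroups() lookup would,
comparing a memberUid search with a backlink attribute on the user entry."""

# Sample directory content, constructed from the entries in the post.
# The "devs" group is an added, constructed entry so that judu has a
# supplementary group besides the primary one (kroot, gid 1042).
SAMPLE_LDIF = """\
dn: uid=judu,ou=kanop,dc=kan-op,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 2005
uid: judu
cn: my name
gidNumber: 1042
homeDirectory: /home/judu

dn: cn=kroot,ou=groups,dc=kan-op,dc=com
memberUid: judu
gidNumber: 1042
objectClass: posixGroup
cn: kroot

dn: cn=devs,ou=groups,dc=kan-op,dc=com
memberUid: judu
memberUid: alice
gidNumber: 1050
objectClass: posixGroup
cn: devs
"""


def parse_ldif(text):
    """Parse minimal LDIF (attr: value lines, entries separated by blank lines)
    into a list of dicts mapping attribute -> list of values, so multi-valued
    attributes such as objectClass and memberUid keep every value.
    Base64 ("::") and folded continuation lines are not handled here."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def is_group(entry):
    return "posixGroup" in entry.get("objectClass", [])


def find_user(entries, uid):
    for e in entries:
        if "posixAccount" in e.get("objectClass", []) and uid in e.get("uid", []):
            return e
    raise KeyError(f"no posixAccount with uid={uid}")


def initgroups_forward(entries, uid):
    """Group list when the NSS module searches group entries for
    memberUid=<uid> and adds the user's own gidNumber (the posixGroup model)."""
    gids = {int(find_user(entries, uid)["gidNumber"][0])}
    for g in entries:
        if is_group(g) and uid in g.get("memberUid", []):
            gids.add(int(g["gidNumber"][0]))
    return sorted(gids)


def initgroups_backlink(entries, uid, attr="memberOf"):
    """Group list under the backlink model: group DNs are read from an
    attribute on the user entry (assumed to be memberOf here) and mapped to
    gidNumber. A group that the user entry does not point at is never found,
    so a directory with only memberUid on the groups yields the primary gid."""
    user = find_user(entries, uid)
    gids = {int(user["gidNumber"][0])}
    by_dn = {g["dn"][0]: g for g in entries if is_group(g)}
    for dn in user.get(attr, []):
        if dn in by_dn:
            gids.add(int(by_dn[dn]["gidNumber"][0]))
    return sorted(gids)


def gid_to_name(entries, gid):
    """Map a gidNumber to the group's cn, falling back to the number."""
    for g in entries:
        if is_group(g) and int(g["gidNumber"][0]) == gid:
            return g["cn"][0]
    return str(gid)


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for label, resolver in (("memberUid search", initgroups_forward),
                            ("backlink", initgroups_backlink)):
        names = [gid_to_name(entries, g) for g in resolver(entries, "judu")]
        print(f"{label:16}: {' '.join(names)}")
```

Run stand-alone it prints "kroot devs" for the memberUid search and only "kroot" for the backlink resolver, which is the same difference as between "getent group" listing the groups and "groups judu" showing only the primary one. A quick way to check which model a host is actually using is to compare the output of `groups <user>` against the memberUid values of the group entries, as the functions above do against the sample LDIF.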