Hi,

I've searched high and low and found a couple references to the problem I have but no solutions.

If I issue 'getent passwd' I can see all the ldap users, if I issue a getent group I cannot see any of the ldap groups. When I log into one of my linux boxes I get 'id: cannot find name for group ID 500' (500 is an ldap group).

What would cause this issue? I've been beating my head against it for a couple days and decided to turn to the experts.

Thanks,

Paul
Paul,
You probably need to assign a gidnumber (posixgroup attribute) to your primary ldap group. I've noticed that linux boxes only recognize group memberships for groups that have gid's.

Aaron

--
Aaron Bliss
Systems Administrator
SUNY Brockport
(585) 395-2417
Thanks Aaron,

That's what has me stumped, the GID is there (that's the 500). I guess what has me confused is I can't figure out how to tie that number to a group and have it show in the getent group query.

-Paul

On Wed, 2008-01-02 at 16:11 -0500, Aaron Bliss wrote:
> Paul,
> You probably need to assign a gidnumber (posixgroup attribute) to your
> primary ldap group. I've noticed that linux boxes only recognize group
> memberships for groups that have gid's.
>
> Aaron
Paul,
You have to create a group in ldap, then add the posixgroup object class. If you do this thru the admin console, you will then see a text box appear called gidnumber. In that box enter whatever gid you wish to use.

Aaron
I'm *assuming* you mean somewhere other than here (in the attached png file). When I go to create the group and attempt to add the posixgroup object class I do not see that option anywhere - lots of other things though. I will go back to hunting the information on the fedora site as well.

Thanks for the help,

-Paul

On Wed, 2008-01-02 at 16:27 -0500, Aaron Bliss wrote:
> Paul,
> You have to create a group in ldap, then add the posixgroup object
> class. If you do this thru the admin console, you will then see a
> text box appear called gidnumber. In that box enter whatever gid you
> wish to use.
>
> Aaron
Make sure you've added the objectclass 'posixgroup' to the ldap group. Also, you might also have to add the objectclass shadowAccount in case of AIX (forget which version).

-Satish.
Paul,
Go to the group entry. Right click and select 'Advanced properties'. Click on objectclass and click 'Add Value'. It should list all objectclasses you can add.

-Satish.
Thanks Satish,

I have added all this (including the shadowAccount attribute). getent passwd / shadow work correctly but group still does not. I'm off to find documentation...

Thanks,

-Paul

On Wed, 2008-01-02 at 16:44 -0500, Satish Chetty wrote:
> Paul,
> Go to the group entry. Right click and select 'Advanced properties'.
> Click on objectclass and click 'Add Value'. It should list all
> objectclasses you can add.
>
> -Satish.
Paul,
You can do a few things to debug...

* Check the server log to see what happens...
* Do the same with ldapsearch and see if you get results. Ex. ldapsearch -h myhost -p 389 -b "dc=example, dc=com" "objectclass=posixgroup" etc...
* Check /etc/nsswitch.conf to make sure the 'ldap' is included in the search order (if you use authconfig on Linux it will set it for you).

-Satish.
ldapsearch appears to be fine:

[root@ldap bin]# ./ldapsearch -b "dc=fontenotshome,dc=org" "objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org

dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
[root@ldap bin]#

and the logs don't show any errors. Does this thing do caching and if so how can it be cleared, reset, etc...

On Wed, 2008-01-02 at 17:11 -0500, Satish Chetty wrote:
> Paul,
> You can do few things to debug...
>
> * Check the server log to see what happens...
> * Do the same with ldapsearch and see if you get results. Ex. ldapsearch
> -h myhost -p 389 -b "dc=example, dc=com" "objectclass=posixgroup" etc...
> * Check /etc/nsswitch.conf to make sure the 'ldap' is included in the
> search order (if you use authconfig on Linux it will set it for you).
>
> -Satish.
Hi Paul!

On Wed, 02 Jan 2008, Paul Fontenot wrote:
> ldapsearch appears to be fine:
>
> [root@ldap bin]# ./ldapsearch -b "dc=fontenotshome,dc=org"
> "objectclass=posixgroup"
> version: 1
> dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> cn: LinuxAdmins
> gidNumber: 750
> uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
>
> dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> cn: LinuxUsers
> gidNumber: 500
> uniqueMember: uid=fontenwp,ou=People, dc=fontenotshome,dc=org
> [root@ldap bin]#
>
> and the logs don't show any errors. Does this thing do caching and if so
> how can itbe cleared, reset, etc...

For Posix groups, most systems expect you to use "memberUid" rather than "uniqueMember" to specify group members, and to include uid names rather than DNs.
Thanks Patrick,

After some changes... I think I shall go and eat and come back later. Thanks for all the help :)

> For Posix groups, most systems expect you to use "memberUid" rather
> than "uniqueMember" to specify group members, and to include uid names
> rather than DNs.

I now have this:

[fontenwp@ldap bin]$ ./ldapsearch -b "dc=fontenotshome,dc=org" "objectclass=posixgroup"
version: 1
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
memberUid: fontenwp

dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
memberUid: fontenwp
[fontenwp@ldap bin]$

I still have this:

[fontenwp@ldap bin]$ id
uid=500(fontenwp) gid=500 groups=500
[fontenwp@ldap bin]$

and the error

"id: cannot find name for group ID 500"

--------------------------------------------------------------
16:44:17 up 2:00, 1 user, load average: 0.11, 0.05, 0.01
All,

Boy howdy I feel like an idiot, I do appreciate all the helpful tips and hints though. Here was my problem in the hopes this helps someone else :)

In the /etc/ldap.conf on my client I found the following...

nss_base_group ou=Group,dc=fontenotshome,dc=org <-- * the culprit

Should have been:

nss_base_group ou=Groups,dc=fontenotshome,dc=org

Thanks again,

-Paul

On Wed, 2008-01-02 at 14:06 -0700, Paul Fontenot wrote:
> Hi,
>
> I've searched high and low and found a couple references to the problem I
> have but no solutions.
>
> If I issue 'getent passwd' I can see all the ldap users, if I issue a
> getent group I cannot see any of the ldap groups. When I log into one of
> my linux boxes I get 'id: cannot find name for group ID 500' (500 is an
> ldap group).
>
> What would cause this issue? I've been beating my head against it for a
> couple days and decided to turn to the experts.
>
> Thanks,
>
> Paul
hello,

First: sorry for my bad english.

Your user must have a 'gidnumber' entry (from 'posixaccount' objectclass), this is the user's gid. Not require to write this username in the memberuid entry. If the group not the primary group of the user, require to write in the memberuid entry the username.

ok, i know this is not too understandable.

example:

uid=500(fontenwp) gid=500(linuxusers) groups=750(linuxadmins),500(linuxusers)

entries: (only the important things)

user:
dn: cn=fontenwp, ou=People, dc=fontenotshome,dc=org
objectclass: posixAccount
gidNumber: 500

groups:
dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
gidNumber: 500
memberUid: fontenwp <-- these not required

dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: posixgroup
gidNumber: 750
memberUid: fontenwp <-- this required

and of course configure correct nsswitch & pam.

the default group ou in the nsswitch-ldap conf is the: ou=Group
but, as i can see, You use the ou=Group_s_. check this.

I hope this help you.

KeeF
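The mismatch found in this thread, an nss_base_group that names a container holding no groups, can be checked mechanically against saved ldapsearch output. The script below is an added example, not something posted to the list; its function names, the temporary file names, the nss_base_passwd line and the "?one" suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline consistency check between an nss_ldap client config
# and the directory. All sample data below is constructed from the thread.

# Lower-case a DN and drop whitespace around the RDN separators.
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed 's/[[:space:]]*,[[:space:]]*/,/g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Print the base DN configured for an NSS map ("group", "passwd", ...).
# An optional "?scope?filter" suffix is stripped; commented lines never match.
nss_base() {    # $1 = ldap.conf path, $2 = map name
    awk -v key="nss_base_$2" '
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); sub(/\?.*/, ""); print; exit }
    ' "$1"
}

# Print the normalised DN of every posixGroup entry in an LDIF file.
# Assumes unfolded LDIF (no continuation lines), as in the thread's output.
posix_group_dns() {    # $1 = LDIF path
    awk '
        function flush() { if (dn != "" && posix) print dn; dn = ""; posix = 0 }
        /^$/ { flush(); next }
        tolower($0) ~ /^dn:/ { flush(); dn = $0; sub(/^[^:]*:[ \t]*/, "", dn); next }
        tolower($0) ~ /^objectclass:[ \t]*posixgroup[ \t]*$/ { posix = 1 }
        END { flush() }
    ' "$1" | while IFS= read -r d; do norm_dn "$d"; done
}

# Return 0 if some posixGroup entry sits at or below nss_base_group,
# 1 if none does (the failure in the thread), 2 if the key is not set.
check_group_base() {    # $1 = ldap.conf path, $2 = LDIF path
    base=$(nss_base "$1" group)
    [ -n "$base" ] || { echo "nss_base_group is not set in $1"; return 2; }
    base=$(norm_dn "$base")
    dns=$(posix_group_dns "$2")
    if printf '%s\n' "$dns" | awk -v b="$base" '
            { n = length($0) - length(b) }
            $0 == b || (n > 0 && substr($0, n) == "," b) { hit = 1 }
            END { exit hit ? 0 : 1 }'
    then
        echo "OK: posixGroup entries found under $base"
        return 0
    fi
    echo "MISMATCH: no posixGroup entry under nss_base_group=$base"
    echo "containers that do hold posixGroup entries:"
    printf '%s\n' "$dns" | sed -n 's/^[^,]*,//p' | sort -u | sed 's/^/  /'
    return 1
}

# --- constructed sample data ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/groups.ldif" <<'EOF'
dn: cn=LinuxAdmins,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: posixgroup
cn: LinuxAdmins
gidNumber: 750
memberUid: fontenwp

dn: cn=LinuxUsers,ou=Groups, dc=fontenotshome,dc=org
objectClass: top
objectClass: posixgroup
cn: LinuxUsers
gidNumber: 500
memberUid: fontenwp
EOF

# The client config as found in the thread, and the corrected one.
printf '%s\n' 'nss_base_passwd ou=People,dc=fontenotshome,dc=org' \
    'nss_base_group ou=Group,dc=fontenotshome,dc=org' > "$tmp/ldap.conf.before"
printf '%s\n' 'nss_base_passwd ou=People,dc=fontenotshome,dc=org' \
    'nss_base_group ou=Groups,dc=fontenotshome,dc=org?one' > "$tmp/ldap.conf.after"

check_group_base "$tmp/ldap.conf.before" "$tmp/groups.ldif" || true
check_group_base "$tmp/ldap.conf.after" "$tmp/groups.ldif" || true
```

On a real client, point the first argument at /etc/ldap.conf and the second at the saved output of the objectclass=posixgroup search shown earlier in the thread.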