hi

i use now FDS as group database
here is a group i defined

dn: cn=toto,ou=Groups,dc=sorbonne,dc=fr
cn: toto
objectClass: top
objectClass: groupOfUniqueNames
objectClass: posixGroup
objectClass: groupofnames
gidNumber: 16000
memberUid: uid=bob,ou=People,dc=sorbonne,dc=fr

id bob give me : uid=51117(bob) gid=16000
what did i forget to do this group a unix group

thanks
basile

basile au siris wrote:
> hi
>
> i use now FDS as group database
> here is a group i defined
>
> dn: cn=toto,ou=Groups,dc=sorbonne,dc=fr
> cn: toto
> objectClass: top
> objectClass: groupOfUniqueNames
> objectClass: posixGroup
> objectClass: groupofnames
> gidNumber: 16000
> memberUid: uid=bob,ou=People,dc=sorbonne,dc=fr
>
> id bob give me : uid=51117(bob) gid=16000
> what did i forget to do this group a unix group

The memberUid attribute is INTEGER syntax. The value of this attribute should be the group members' uidNumber values. For a groupOfNames (or groupOfUniqueNames) the member or uniquemember attributes are used, and these hold the DNs of the members' entries.

> thanks
> basile
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

i do what you say but have the same problem
it seems my group is not a unix group
getent passwd give me all users ( /etc/passwd and ldap )
but getent group just give /etc/groups groups

thanks
basile

Rich Megginson wrote:
> The memberUid attribute is INTEGER syntax. The value of this
> attribute should be the group members' uidNumber values. For a
> groupOfNames (or groupOfUniqueNames) the member or uniquemember
> attributes are used, and these hold the DNs of the members' entries.

basile au siris wrote:
> i do what you say but have the same problem
> it seems my group is not a unix group
> getent passwd give me all users ( /etc/passwd and ldap )
> but getent group just give /etc/groups groups

I'm not sure then. Check your /etc/nsswitch.conf and your pam configuration.

in nsswitch.conf i have
group: files ldap
and what can i check in pam.conf
all works fine for users
basile

Rich Megginson wrote:
> I'm not sure then. Check your /etc/nsswitch.conf and your pam
> configuration.

basile au siris wrote:
> in nsswitch.conf i have
> group: files ldap

Try
group: ldap [NOTFOUND=return] files

or something like that - I'm not sure of the exact syntax. This will tell it to first use ldap for group lookups, and fail if not found in ldap, unless ldap is down, in which case lookups will go to /etc/groups

> and what can i check in pam.conf
> all works fine for users
> basile

hi
still don't work
here is the group i create :

dn: cn=toto,ou=Groups,dc=exemple,dc=fr
objectclass: top
objectclass: groupofuniquenames
objectclass: posixgroup
gidnumber: 10000
memberuid: 10067
cn: toto

and getent group doesn't give me toto as a group and id user 10067 don't give me name of the group
thanks for help
basile
ps all works fine for users

Rich Megginson wrote:
> Try
> group: ldap [NOTFOUND=return] files
>
> or something like that - I'm not sure of the exact syntax. This will
> tell it to first use ldap for group lookups, and fail if not found in
> ldap, unless ldap is down, in which case lookups will go to /etc/groups

basile au siris wrote:
> hi
> still don't work
> here is the group i create :
> dn: cn=toto,ou=Groups,dc=exemple,dc=fr
> objectclass: top
> objectclass: groupofuniquenames
> objectclass: posixgroup
> gidnumber: 10000
> memberuid: 10067
> cn: toto
>
> and getent group doesn't give me toto as a group and id user 10067 don't
> give me name
> of the group

This is really an nss-ldap question, not a FDS question. You might want to ask on the nss-ldap list. You need to check a couple of things:

* Your group object is of the groupOfUniqueNames objectclass. Therefore you need to have a uniqueMember attribute.
* Check the values of pam_member_attribute and nss_base_group in /etc/ldap.conf

--
Del
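
The two checks in the last reply, written as a small linter that takes the group entry and the ldap.conf text; this is an added example, not part of the original thread. The ldap.conf fragment is constructed (the thread never shows the poster's file), the function names are hypothetical, and nss_base_group values are assumed to be absolute DNs.

```python
# Added example. GROUP_LDIF and LDAP_CONF are constructed samples, not real host data.
GROUP_LDIF = """\
dn: cn=toto,ou=Groups,dc=exemple,dc=fr
objectclass: top
objectclass: groupofuniquenames
objectclass: posixgroup
gidnumber: 10000
memberuid: 10067
cn: toto
"""
LDAP_CONF = """\
nss_base_group ou=Group,dc=exemple,dc=fr?one
pam_member_attribute uniquemember
"""

def parse_pairs(text, sep):
    """Map lower-cased keyword -> list of values; '#' lines are comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip().replace("\t", " ")
        if line and not line.startswith("#"):
            key, _, value = line.partition(sep)
            out.setdefault(key.strip().lower(), []).append(value.strip())
    return out

def check_group(ldif, conf_text):
    """Return findings for one group entry checked against ldap.conf text."""
    entry, conf = parse_pairs(ldif, ":"), parse_pairs(conf_text, " ")
    norm = lambda dn: dn.lower().replace(" ", "")  # naive DN comparison form
    findings = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "groupofuniquenames" in classes and not entry.get("uniquemember"):
        findings.append("groupOfUniqueNames entry has no uniqueMember value")
    # Keep only the base DN of each nss_base_group value (drop ?scope?filter).
    bases = [norm(v.split("?", 1)[0]) for v in conf.get("nss_base_group", [])]
    dn = norm(entry["dn"][0])
    if not bases:
        findings.append("nss_base_group is not set")
    elif not any(dn.endswith("," + base) for base in bases):
        findings.append("group DN is outside nss_base_group " + ", ".join(bases))
    for attr in conf.get("pam_member_attribute", []):
        if not entry.get(attr.lower()):
            findings.append("pam_member_attribute %s is absent from the entry" % attr)
    return findings

if __name__ == "__main__":
    for finding in check_group(GROUP_LDIF, LDAP_CONF):
        print("WARN:", finding)
```

Each finding here is the kind of mismatch that leaves a group out of name-service lookups without any error being reported, so group-based access decisions on the host never see it.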