Fedora directory users - Mar 2006 - adding a user to multiple groups

Hi, everybody.

I''ve a group with multiple memberUid attributes:

# sysadmin, Groups, example.com
dn: cn=sysadmin,ou=Groups,dc=example,dc=com
memberUid: 1125
memberUid: 1234
gidNumber: 14
objectClass: top
objectClass: posixgroup
cn: sysadmin
____

and a user test like this:

# test, UNIX, example.com
dn: uid=test,ou=UNIX,dc=example,dc=com
gidNumber: 1234
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: account
host: *
givenName: test
sn: asdf
uidNumber: 1234
uid: test
cn: test asdf
homeDirectory: /home/test

___

there is also a group "test" which uid test belongs to.  Now, test
should be a member of both test
and sysadmins, correct?

However, that doesn''t seem to be the case:

-bash-3.00$ grep test /etc/passwd
-bash-3.00$ id -a test
uid=1234(test) gid=1234 groups=1234
-bash-3.00$ id -G test
1234
-bash-3.00$ 

gid 14 doesn''t show up.  What am I doing wrong here?  Is this not how
you add a user to multiple
groups??

Thanks..

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Susan wrote:
>gid 14 doesn''t show up.  What am I doing wrong here?  Is this not
how you add a user to multiple
>groups??
>
>  
>
Perhaps you have nscd running and you are getting a cached answer?

-- 
Pete

Nop, I checked that:
[root@acmegrid1 ~]# /etc/init.d/nscd stop
Stopping nscd:                                             [  OK  ]
[root@acmegrid1 ~]# id -G test
1234
[root@acmegrid1 ~]# /etc/init.d/nscd start
Starting nscd:                                             [  OK  ]
[root@acmegrid1 ~]# id -G test
1234

still no gID 14....?


--- Pete Rowley <prowley@redhat.com> wrote:
> Susan wrote:
> 
> >gid 14 doesn''t show up.  What am I doing wrong here?  Is this
not how you add a user to
> multiple
> >groups??
> >
> >  
> >
> Perhaps you have nscd running and you are getting a cached answer?
> 
> -- 
> Pete
> 
> > --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Susan wrote:
>Nop, I checked that:
>[root@acmegrid1 ~]# /etc/init.d/nscd stop
>Stopping nscd:                                             [  OK  ]
>[root@acmegrid1 ~]# id -G test
>1234
>[root@acmegrid1 ~]# /etc/init.d/nscd start
>Starting nscd:                                             [  OK  ]
>[root@acmegrid1 ~]# id -G test
>1234
>
>still no gID 14....?
>
>  
>
Can you create a user with gid 14 as the primary group?

-- 
Pete

well, gid 14 was in conflict with uucp group, so I changed it a bit:

# testGroup, Groups, example.com
dn: cn=testGroup,ou=Groups,dc=example,dc=com
memberUid: 1234
cn: testGroup
gidNumber: 1234
objectClass: top
objectClass: posixgroup


# sysadmin, Groups, example.com
dn: cn=sysadmin,ou=Groups,dc=example,dc=com
gidNumber: 666
memberUid: 1125
memberUid: 1234
objectClass: top
objectClass: posixgroup
cn: sysadmin

# test, UNIX, example.com
dn: uid=test,ou=UNIX,dc=example,dc=com
gidNumber: 1234
givenName: test
uidNumber: 1234
uid: test

now, test should belong to testGroup & sysadmin, correct?  but
that''s not happening:

# id test -a
uid=1234(test) gid=1234(testGroup) groups=1234(testGroup)

I don''t understand this.  It seemed so straight forward!

(after switching test''s gidNumber from 1234 to 666):

# id test -a
uid=1234(test) gid=666(sysadmin) groups=666(sysadmin)

so, it''s not recognizing the memberUid attribute, I think.

There''s this in /etc/ldap.conf:

# Group member attribute
#pam_member_attribute uniquemember


I changed uniquemember to memberuid but that didn''t do anything....



--- Susan <logastellus@yahoo.com> wrote:
> Hi, everybody.
> 
> I''ve a group with multiple memberUid attributes:
> 
> # sysadmin, Groups, example.com
> dn: cn=sysadmin,ou=Groups,dc=example,dc=com
> memberUid: 1125
> memberUid: 1234
> gidNumber: 14
> objectClass: top
> objectClass: posixgroup
> cn: sysadmin
> ____
> 
> and a user test like this:
> 
> # test, UNIX, example.com
> dn: uid=test,ou=UNIX,dc=example,dc=com
> gidNumber: 1234
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: account
> host: *
> givenName: test
> sn: asdf
> uidNumber: 1234
> uid: test
> cn: test asdf
> homeDirectory: /home/test
> 
> ___
> 
> there is also a group "test" which uid test belongs to.  Now,
test should be a member of both
> test
> and sysadmins, correct?
> 
> However, that doesn''t seem to be the case:
> 
> -bash-3.00$ grep test /etc/passwd
> -bash-3.00$ id -a test
> uid=1234(test) gid=1234 groups=1234
> -bash-3.00$ id -G test
> 1234
> -bash-3.00$ 
> 
> gid 14 doesn''t show up.  What am I doing wrong here?  Is this not
how you add a user to multiple
> groups??
> 
> Thanks..
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Nevermind, got it!

Turns out, in the memberuid attribute, you must specify the NAME of the user,
NOT the UID.  (I
know, makes perfect sense, doesn''t it???  I mean, who in his infinite
wisdom named the attribute
memberUID, when it doesn''t work with a UID???)

Anyway, after changing 1234 to test, it works:

# id test -a
uid=1234(test) gid=666(sysadmin) groups=666(sysadmin),1234(testGroup)


Thank you, Pete.


--- Pete Rowley <prowley@redhat.com> wrote:
> Susan wrote:
> 
> >Nop, I checked that:
> >[root@acmegrid1 ~]# /etc/init.d/nscd stop
> >Stopping nscd:                                             [  OK  ]
> >[root@acmegrid1 ~]# id -G test
> >1234
> >[root@acmegrid1 ~]# /etc/init.d/nscd start
> >Starting nscd:                                             [  OK  ]
> >[root@acmegrid1 ~]# id -G test
> >1234
> >
> >still no gID 14....?
> >
> >  
> >
> Can you create a user with gid 14 as the primary group?
> 
> -- 
> Pete
> 
> > --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Susan wrote:
>Nevermind, got it!
>
>Turns out, in the memberuid attribute, you must specify the NAME of the
user, NOT the UID.  (I
>know, makes perfect sense, doesn''t it???  I mean, who in his
infinite wisdom named the attribute
>memberUID, when it doesn''t work with a UID???)
>
>  
>
Ah yes, that is all a little confusing.  In RFC2307 parlance, a unix uid 
is referred to as uidNumber because in LDAP uid generally refers to 
textual representation of the user.
>Anyway, after changing 1234 to test, it works:
>
># id test -a
>uid=1234(test) gid=666(sysadmin) groups=666(sysadmin),1234(testGroup)
>
>  
>
Good stuff


-- 
Pete

Shouldn''t memberuid be the user name, not the numeric uid?

That is how we have it set up and we don''t have any issues.

So under sysadmin memberUid should be

memberUid: test

not

memberUid: 1234


Jamie

> well, gid 14 was in conflict with uucp group, so I changed it a bit:
>
> # testGroup, Groups, example.com
> dn: cn=testGroup,ou=Groups,dc=example,dc=com
> memberUid: 1234
> cn: testGroup
> gidNumber: 1234
> objectClass: top
> objectClass: posixgroup
>
>
> # sysadmin, Groups, example.com
> dn: cn=sysadmin,ou=Groups,dc=example,dc=com
> gidNumber: 666
> memberUid: 1125
> memberUid: 1234
> objectClass: top
> objectClass: posixgroup
> cn: sysadmin
>
> # test, UNIX, example.com
> dn: uid=test,ou=UNIX,dc=example,dc=com
> gidNumber: 1234
> givenName: test
> uidNumber: 1234
> uid: test
>
> now, test should belong to testGroup & sysadmin, correct?  but
that''s not
> happening:
>
> # id test -a
> uid=1234(test) gid=1234(testGroup) groups=1234(testGroup)
>
> I don''t understand this.  It seemed so straight forward!
>
> (after switching test''s gidNumber from 1234 to 666):
>
> # id test -a
> uid=1234(test) gid=666(sysadmin) groups=666(sysadmin)
>
> so, it''s not recognizing the memberUid attribute, I think.
>
> There''s this in /etc/ldap.conf:
>
> # Group member attribute
> #pam_member_attribute uniquemember
>
>
> I changed uniquemember to memberuid but that didn''t do
anything....
>

You are absolutely right, Jamie.  I just now discovered this by accident.. :)



--- Jamie McKnight <warthog@warthogsolutions.com> wrote:
> 
> Shouldn''t memberuid be the user name, not the numeric uid?
> 
> That is how we have it set up and we don''t have any issues.
> 
> So under sysadmin memberUid should be
> 
> memberUid: test
> 
> not
> 
> memberUid: 1234
> 
> 
> Jamie
> 
> 
> > well, gid 14 was in conflict with uucp group, so I changed it a bit:
> >
> > # testGroup, Groups, example.com
> > dn: cn=testGroup,ou=Groups,dc=example,dc=com
> > memberUid: 1234
> > cn: testGroup
> > gidNumber: 1234
> > objectClass: top
> > objectClass: posixgroup
> >
> >
> > # sysadmin, Groups, example.com
> > dn: cn=sysadmin,ou=Groups,dc=example,dc=com
> > gidNumber: 666
> > memberUid: 1125
> > memberUid: 1234
> > objectClass: top
> > objectClass: posixgroup
> > cn: sysadmin
> >
> > # test, UNIX, example.com
> > dn: uid=test,ou=UNIX,dc=example,dc=com
> > gidNumber: 1234
> > givenName: test
> > uidNumber: 1234
> > uid: test
> >
> > now, test should belong to testGroup & sysadmin, correct?  but
that''s not
> > happening:
> >
> > # id test -a
> > uid=1234(test) gid=1234(testGroup) groups=1234(testGroup)
> >
> > I don''t understand this.  It seemed so straight forward!
> >
> > (after switching test''s gidNumber from 1234 to 666):
> >
> > # id test -a
> > uid=1234(test) gid=666(sysadmin) groups=666(sysadmin)
> >
> > so, it''s not recognizing the memberUid attribute, I think.
> >
> > There''s this in /etc/ldap.conf:
> >
> > # Group member attribute
> > #pam_member_attribute uniquemember
> >
> >
> > I changed uniquemember to memberuid but that didn''t do
anything....
> >
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

If you are running nscd you need to try
as root service nscd reload

Just stop and starting will not do the trick.

cheers
Doug
On Mar 14, 2006, at 10:00 PM, Susan wrote:
> Nop, I checked that:
> [root@acmegrid1 ~]# /etc/init.d/nscd stop
> Stopping nscd:                                             [  OK  ]
> [root@acmegrid1 ~]# id -G test
> 1234
> [root@acmegrid1 ~]# /etc/init.d/nscd start
> Starting nscd:                                             [  OK  ]
> [root@acmegrid1 ~]# id -G test
> 1234
>
> still no gID 14....?
>
>
> --- Pete Rowley <prowley@redhat.com> wrote:
>
>> Susan wrote:
>>
>>> gid 14 doesn''t show up.  What am I doing wrong here?  Is
this not
>>> how you add a user to
>> multiple
>>> groups??
>>>
>>>
>>>
>> Perhaps you have nscd running and you are getting a cached answer?
>>
>> -- 
>> Pete
>>
>>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
================================Douglas Hussey
Systems Engineer
SAIC
Cell: 571-201-1294
DSN: 318-835-1442
FAX: 703-253-1061
================================Walking the road to enlightenment... I found a
penguin and a camel on
the way.

>> [root@acmegrid1 ~]# /etc/init.d/nscd stop
>> Stopping nscd:                                             [  OK  ]
>> [root@acmegrid1 ~]# id -G test
>> 1234
> If you are running nscd you need to try
> as root service nscd reload
What Sarah did is stop nscd, then did an id lookup while nscd is  
stopped. It is certainly a valid test.

The problem is that a stop/start does not invalidate the nscd cache -  
a simple "nscd -i passwd ; nscd -i group" will do that without a  
service reload.


On 15 Mar 2006, at 06:54, Douglas Hussey wrote:
> If you are running nscd you need to try
> as root service nscd reload
>
> Just stop and starting will not do the trick.
>
> cheers
> Doug
> On Mar 14, 2006, at 10:00 PM, Susan wrote:
>
>> Nop, I checked that:
>> [root@acmegrid1 ~]# /etc/init.d/nscd stop
>> Stopping nscd:                                             [  OK  ]
>> [root@acmegrid1 ~]# id -G test
>> 1234
>> [root@acmegrid1 ~]# /etc/init.d/nscd start
>> Starting nscd:                                             [  OK  ]
>> [root@acmegrid1 ~]# id -G test
>> 1234
>>
>> still no gID 14....?
>>
>>
>> --- Pete Rowley <prowley@redhat.com> wrote:
>>
>>> Susan wrote:
>>>
>>>> gid 14 doesn''t show up.  What am I doing wrong here? 
Is this
>>>> not how you add a user to
>>> multiple
>>>> groups??
>>>>
>>>>
>>>>
>>> Perhaps you have nscd running and you are getting a cached answer?
>>>
>>> -- 
>>> Pete
>>>
>>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam protection around
>> http://mail.yahoo.com
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> ================================> Douglas Hussey
> Systems Engineer
> SAIC
> Cell: 571-201-1294
> DSN: 318-835-1442
> FAX: 703-253-1061
> ================================> Walking the road to enlightenment... I
found a penguin and a camel
> on the way.
>
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

Hi everyone,
 
 I have a problem with starting ds. When I execute the ./startconsole, 
I got following errors.
 
 [root@xyz fedora-ds]# ./startconsole -u admin -a 
http://xyz.domain.com:20000
 GC Warning: Out of Memory!  Returning NIL!
 Exception in thread "main" java.lang.OutOfMemoryError
    <<No stacktrace available>>
 [root@xyz fedora-ds]#
 
 
 I installed j2re-1_4_2_11-linux-i586.rpm. 
 
 What is the solution? Any suggestion.
 
 thnx
 
		
---------------------------------
 Yahoo! Mail
 Use Photomail to share photos without annoying attachments.

--- "Sharpe, Sam J" <sam.sharpe@imperial.ac.uk> wrote:
> >> [root@acmegrid1 ~]# /etc/init.d/nscd stop
> >> Stopping nscd:                                             [  OK 
]
> >> [root@acmegrid1 ~]# id -G test
> >> 1234
> 
> > If you are running nscd you need to try
> > as root service nscd reload
> 
> What Sarah did is stop nscd, then did an id lookup while nscd is  
> stopped. It is certainly a valid test.
> 
> The problem is that a stop/start does not invalidate the nscd cache -  
> a simple "nscd -i passwd ; nscd -i group" will do that without a
> service reload.
> 
Ah -- didn''t know this one!  Thank you, Sam..


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com