nss_ldap and multiple group memberships

Patrick M. Hausen hausen at punkt.de
Wed Feb 24 10:39:50 UTC 2010 

Hi, all,

On Wed, Feb 24, 2010 at 11:23:11AM +0100, Gerrit Kühn wrote:
> Is anyone here using nss_ldap and can successfully get it to work with
> multiple group memberships? I would really like to get this to work here,
> but I only get the primary group:
> 
> penumbra# id gekueh
> uid=1030(gekueh) gid=1012(aei) groups=1012(aei)

[ry93 at devel ~]$ uname -a
FreeBSD devel.intern.punkt.de 7.2-RELEASE-p6 FreeBSD 7.2-RELEASE-p6 #0: Mon Feb 22 16:17:54 CET 2010     root at nanobsd.ka.punkt.de:/var/home/nanobsd/obj/dl320-devel/usr/src/sys/GENERIC  amd64

[ry93 at devel ~]$ pkg_info | grep ldap
nss_ldap-1.264_3    RFC 2307 NSS module
openldap-client-2.4.21 Open source LDAP client implementation
pam_ldap-1.8.5      A pam module for authenticating with LDAP

[ry93 at devel ~]$ id
uid=10093(ry93) gid=10001(intern) groups=10001(intern),0(wheel)

LDAP server is Active Directory on Windows 2003 R2.

What precisely do you need? Ah, heck, I'll just attach
my config files right away.

nss_ldap.conf is just a symlink to ldap.conf.
I do not remember where that '?one' came from and what precisely
it does. Voodoo I copied from some obscure "Howto", I figure.
I'd appreciate some feedback on that part ;-)

Best regards, HTH,
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
-------------- next part --------------
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.8.1 2009/04/15 03:14:26 kensmith Exp $
#
group: cache files ldap
hosts: files dns
networks: files
passwd: cache files ldap
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
-------------- next part --------------
uri ldap://pdc.intern.punkt.de
base DC=intern,DC=punkt,DC=de
ldap_version 3
binddn ***
bindpw ***
scope sub
idle_timelimit 60

pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad

nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group

nss_base_passwd ou=Mitarbeiter,dc=intern,dc=punkt,dc=de?one
nss_base_group ou=Unixgruppen,dc=intern,dc=punkt,dc=de?one

nss_map_attribute uid msSFU30Name
nss_map_attribute gecos name
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_map_attribute cn sAMAccountName
nss_map_attribute uniquemember msSFU30PosixMember

More information about the freebsd-stable mailing list