nss_ldap seems to not work
Anthony Pankov
ap00 at mail.ru
Tue Nov 8 19:20:56 UTC 2016
Hello, Alexander.
I'm sorry, but this happened when engaging a production server. I fixed
it by moving to nss-pam-ldap (nslcd), so I can't move back and give
this option a chance.
> Does it help if you add "nss_schema rfc2307" to nss_ldap.config?
>> On 8 Nov 2016, at 17:00, Anthony Pankov via freebsd-hackers <freebsd-hackers at freebsd.org> wrote:
>>
>> Greetings.
>>
>> nss_ldap seems not to work correctly, at least on FreeBSD 10.3.
>>
>> Two configurations
>> 1. FreeBSD 9.2
>> 2. FreeBSD 10.3
>> sharing nss_ldap settings and using the same LDAP tree (DIT) produce
>> different results.
>>
>> On FreeBSD 10.3 nss_ldap can't enumerate supplementary user
>> groups.
>>
>> Example:
>> FreeBSD 9.2:
>> # id user1
>> ... groups=basegroup,gr1,gr2,gr3
>> FreeBSD 10.3:
>> # id user1
>> ... groups=basegroup
>>
>> The effect is an inadequate result from calling initgroups(), which leads to
>> various side effects with permissions.
>>
>> P.S. Interesting fact: on FreeBSD 10.3 the pw utility produces the correct
>> result:
>> #pw usershow user1
>> ... groups=basegroup,gr1,gr2,gr3
>>
>> --
>> Best regards,
>> Anthony mailto:ap00 at mail.ru
>>
>> _______________________________________________
>> freebsd-hackers at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
--
Best regards,
Anthony mailto:ap00 at mail.ru
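
A diagnostic for the symptom reported in this thread, as an added example that is not part of the original messages: it compares the supplementary groups returned by getgrouplist(3), the lookup behind initgroups(), with the memberships found by enumerating the group database through getgrent(3). The function name `missing_supplementary_groups` and the default user `root` are assumptions of this example.

```c
#define _DEFAULT_SOURCE /* expose getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: count the groups that list `user` as a member when the
 * group database is enumerated but that getgrouplist() does not return.
 * 0 = both views agree, >0 = memberships are being lost, -1 = lookup error. */
int missing_supplementary_groups(const char *user, int verbose)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    gid_t base = pw->pw_gid;
    /* View 1: the list initgroups() would install for this user. */
    long cap = sysconf(_SC_NGROUPS_MAX) + 1; /* +1 for the primary group */
    gid_t *list = calloc((size_t)cap, sizeof(*list));
    int n = (int)cap, missing = 0;
    if (list == NULL || getgrouplist(user, base, list, &n) == -1) {
        free(list); /* allocation failed or more groups than the limit */
        return -1;
    }
    /* View 2: walk every group and look for the user in its member list. */
    struct group *gr;
    setgrent();
    while ((gr = getgrent()) != NULL) {
        int member = 0, listed = 0;
        for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
            member |= (strcmp(*m, user) == 0);
        for (int i = 0; i < n; i++)
            listed |= (list[i] == gr->gr_gid);
        if (member && !listed) {
            missing++;
            if (verbose)
                printf("%s: %s missing from getgrouplist()\n", user, gr->gr_name);
        }
    }
    endgrent();
    free(list);
    return missing;
}

int main(int argc, char **argv)
{
    return missing_supplementary_groups(argc > 1 ? argv[1] : "root", 1) != 0;
}
```

A non-zero exit status for an LDAP-backed account means the process credentials set at login will lack groups that the directory assigns to that user.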