OpenLDAP 2.4.8 and FreeBSD/nss_ldap ==>> not working?

O. Hartmann ohartman at
Mon Feb 25 20:40:14 UTC 2008

apart from the fact that OpenLDAP 2.4.8 in conjunction with DB 4.6 ist 
absolutely BETA as mentioned in their docu, nevertheless I woul like 
asking about a problem I discovered.

Bevor upgrading (I did becauso of the syncrepl-facility) I stopped slapd 
and dumped its DB via "slapcat -l outfile.ldif" into a secure dumpfile. 
Then I removed the old DB-files in the database directory. Then I used 
"slapadd -l outfile.ldif" for restoring the database and after I 
recompiled everthing dependend on the ldap-client libs (nss_ldap, 
pam_ldap, pam_mkhomedir, sudo, postgresql), I was able to safely restart 
slapd. Everything seemed to work on a glimpse, but something was wrong.
I've group-objects (ou=groups, POSIX groups) in my DIT with attribute 
"memberUID=XXXX". With OpenLDAP 2.3.41 'id' shows up a user's UID, GID 
and membership in additional groups, but with LDAP 2.4.8, only the UID 
and GID is shown:

uid=2002(ohartmann) gid=2002(ohartmann) groups=2002(ohartmann) (OpenLDAP 

but it should be

uid=2002(ohartmann) gid=2002(ohartmann) 
groups=2002(ohartmann),512(Domain Admins),513(Domain 
Users),544(Administrators),2045(development) (2.3.41)

Either something in the schemata has changed or something is wrong. I 
tried to find out via the doku at OpenLDAP.ORG, but can't find any 
revealing infos.

Can anybody help?


More information about the freebsd-questions mailing list