[Fedora-directory-users] group mapping issue
George Holbert
gholbert at broadcom.com
Tue Jan 23 22:26:17 UTC 2007
This means the client can't find any group objects in your LDAP
directory that have gidNumber=1676.
Have you loaded your group data into the directory?
Try this on one of your LDAP clients:
# getent group 1676
Then, see what search this generates on the LDAP server by looking at
the access log.
You could also test with a manual ldapsearch, e.g.:
# ldapsearch -x -h ldap.example.com \
    -D "<binddn from clients' /etc/ldap.conf>" \
    -b dc=example,dc=com \
    "(&(objectClass=posixGroup)(gidNumber=1676))"
Brandon Young wrote:
> I have recently attempted to set up a Fedora Directory Server for
> evaluation as a replacement for NIS. Overall, the set up process was
> pretty painless. I spent some time reading the Installation Guide,
> Administrator's Guide, and Deployment Guide beforehand. Additionally,
> I tracked down this wonderful guide
> (http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-26072006.html)
> which seemed like exactly what I needed.
>
> I am trying to (ultimately) set up a directory service which provides
> user authentication for Linux and OS X clients.
>
> The problem I have run into is the following: when I issue the
> command `ls`, I see the following:
> ~$ ls -l
> total 1
> drwxr-xr-x 2 bky 1676 336 Jan 23 09:12 Desktop
> drwxr-xr-x 4 bky 1676 216 Jan 17 10:24 Documents
> drwx------ 19 bky 1676 544 Jan 22 12:19 Library
> drwxr-xr-x 2 bky 1676 48 Jan 17 08:33 Movies
> drwxr-xr-x 3 bky 1676 72 Jan 17 09:45 Music
> drwxr-xr-x 2 bky 1676 48 Jan 17 08:30 Pictures
> drwxrwxr-x 2 bky 1676 96 Dec 20 14:29 bin
> drwxrwxr-x 3 bky 1676 72 Dec 20 15:53 svn
> drwxr-xr-x 2 bky 1676 48 Jan 17 09:48 vmware
> ~$
>
>
> If I issue the 'groups' command for the user, it tells me:
>
> # groups bky
> id: cannot find name for group ID 1676
> #
>
> So, it seems obvious to me that group mappings are not configured
> correctly. On the client side, I am using a CentOS 4.4 machine,
> configured to use ldap using system-config-authentication, and further
> tweaking /etc/ldap.conf values for nss_base_passwd, nss_base_shadow,
> and nss_base_group. Further, in digging through the mailing list
> archives I found a suggestion to make sure pam_member_attribute was
> set to uniqueMember -- which I tried, to no avail. I also tried
> starting nscd which does not fix it (but I didn't really feel like
> that was the problem, anyway).
>
> I will further mention here that the ldap-client package is installed
> and I have not tried to configure SSL or TLS, yet.
>
> So, with that in mind ... what very obvious thing am I missing? Has
> anyone seen and resolved this issue for themselves? Any help would be
> greatly appreciated.
>
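
The access-log check suggested in the reply, as an added example that is not part of the original thread: it pairs each SRCH for a gidNumber with its RESULT line and reports why the lookup came back empty. The log lines are constructed in the Fedora Directory Server access-log layout; the base DNs, connection numbers and the function name are assumptions.

```python
import re

# Constructed sample lines in the Fedora Directory Server access-log layout;
# timestamps, connection numbers and base DNs are illustrative only.
SAMPLE_LOG = '''\
[23/Jan/2007:14:20:01 -0800] conn=41 op=0 BIND dn="" method=128 version=3
[23/Jan/2007:14:20:01 -0800] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[23/Jan/2007:14:20:01 -0800] conn=41 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=bky))" attrs=ALL
[23/Jan/2007:14:20:01 -0800] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[23/Jan/2007:14:20:02 -0800] conn=41 op=2 SRCH base="ou=Groups,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(gidNumber=1676))" attrs="cn gidNumber memberUid"
[23/Jan/2007:14:20:02 -0800] conn=41 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[23/Jan/2007:14:20:05 -0800] conn=42 op=1 SRCH base="ou=Group,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(gidNumber=1676))" attrs="cn gidNumber memberUid"
[23/Jan/2007:14:20:05 -0800] conn=42 op=1 RESULT err=32 tag=101 nentries=0 etime=0
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+) .*?nentries=(\d+)')

def failed_group_lookups(log_text, gid):
    """Return (base, err, nentries, reason) for each gidNumber search that found nothing."""
    pending = {}    # (conn, op) -> search base of a gidNumber lookup awaiting its RESULT
    findings = []
    needle = "(gidnumber=%d)" % gid
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            if needle in m.group(5).lower():
                pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            base = pending.pop((m.group(1), m.group(2)))
            err, nentries = int(m.group(3)), int(m.group(4))
            if err == 32:       # LDAP noSuchObject: the search base itself is missing
                reason = "search base does not exist (check nss_base_group)"
            elif err != 0:
                reason = "server returned err=%d" % err
            elif nentries == 0:
                reason = "no posixGroup entry with this gidNumber under the base"
            else:
                continue        # lookup succeeded, nothing to report
            findings.append((base, err, nentries, reason))
    return findings

if __name__ == "__main__":
    for finding in failed_group_lookups(SAMPLE_LOG, 1676):
        print("base=%s err=%d nentries=%d: %s" % finding)
```
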