03-23-2014
Solaris LDAP group problem
I have a test environment which is running RedHat 6.5 Identity management. On the lab network are two Solaris 10 (U11) machines. I can successfully log into the S10 machines using the ldap username/passwords. However, I have a problem with groups and although I found through an internet search one person who had the exact same problem back in 2009, there was not solution.
On the S10 machine, the only group listed for a user is his/her primary group. If you do "groups username," it returns only the primary group. If you do "id -a username," it also returns only the primary group. Yet if you do "ldaplist -l group \*" you get the entire list of groups with all of the users. And users only get access to directories for which their primary group has rights.
I suspect this is a small configuration thing (probably in ldap_client_file), but I can't find an answer.
9 More Discussions You Might Find Interesting
1. Solaris
hi folks,
I've been googling for quite some time, but still can't find anything near it...my problem is the following:
for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I... (4 Replies)
Discussion started by: poli
4 Replies
2. UNIX for Dummies Questions & Answers
Folks;
Can any one give me a hand on how to use LDAP for authentication in Solaris to allow all & authenticate all users when login into my Solaris UNIX server.
Thanks in advance (3 Replies)
Discussion started by: Katkota
3 Replies
3. Red Hat
I can't seem to make sense of this.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga)
$
$ mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies
4. Emergency UNIX and Linux Support
Hi all
We have squid-2.5.STABLE11-3.FC4 running in our environment.
LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies
5. UNIX for Dummies Questions & Answers
hi, i'm running openldap on ubuntu 10.04, creating new items with apache directory studio (windows version).
i use the ldap just as an address book to our small office (email clients are windows live mail 2009, 2011, microsoft outlook 2007 and 2010).
a. i cant see a list of the contacts,... (0 Replies)
Discussion started by: V4705
0 Replies
6. UNIX and Linux Applications
I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation.
Below are the details -
================
LDIF entry for OndotAPI group
dn: cn=OndotAPI,ou=Groups,o=CNS
changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies
7. Web Development
trying to implement authz to a webpage using require ldap-group. It works, except I need to do apachectl restart before the server will observe an add or a delete to the group.
Seems like apache is acquiring the group membership at startup & caching it.
It's a static group.
I have apache... (0 Replies)
Discussion started by: maraixadm
0 Replies
8. UNIX for Advanced & Expert Users
Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX?
I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies
9. UNIX for Beginners Questions & Answers
Can not find info on how to install on LDAP on a Solaris 10. (0 Replies)
Discussion started by: zbest1966
0 Replies
LEARN ABOUT SUSE
alter_group
ALTER
GROUP(7) SQL Commands ALTER GROUP(7)
NAME
ALTER GROUP - change role name or membership
SYNOPSIS
ALTER GROUP groupname ADD USER username [, ... ]
ALTER GROUP groupname DROP USER username [, ... ]
ALTER GROUP groupname RENAME TO newname
DESCRIPTION
ALTER GROUP changes the attributes of a user group. This is an obsolete command, though still accepted for backwards compatibility,
because groups (and users too) have been superseded by the more general concept of roles.
The first two variants add users to a group or remove them from a group. (Any role can play the part of either a ``user'' or a ``group''
for this purpose.) These variants are effectively equivalent to granting or revoking membership in the role named as the ``group''; so the
preferred way to do this is to use GRANT [grant(7)] or REVOKE [revoke(7)].
The third variant changes the name of the group. This is exactly equivalent to renaming the role with ALTER ROLE [alter_role(7)].
PARAMETERS
groupname
The name of the group (role) to modify.
username
Users (roles) that are to be added to or removed from the group. The users must already exist; ALTER GROUP does not create or drop
users.
newname
The new name of the group.
EXAMPLES
Add users to a group:
ALTER GROUP staff ADD USER karl, john;
Remove a user from a group:
ALTER GROUP workers DROP USER beth;
COMPATIBILITY
There is no ALTER GROUP statement in the SQL standard.
SEE ALSO
GRANT [grant(7)], REVOKE [revoke(7)], ALTER ROLE [alter_role(7)]
SQL - Language Statements 2010-05-14 ALTER GROUP(7)