Solaris LDAP group problem Post: 302894047

Sponsored Content

Operating Systems Solaris Solaris LDAP group problem Post 302894047 by cjhilinski on Sunday 23rd of March 2014 10:41:40 AM

03-23-2014

Registered User

Solaris LDAP group problem

I have a test environment which is running RedHat 6.5 Identity management. On the lab network are two Solaris 10 (U11) machines. I can successfully log into the S10 machines using the ldap username/passwords. However, I have a problem with groups and although I found through an internet search one person who had the exact same problem back in 2009, there was not solution.

On the S10 machine, the only group listed for a user is his/her primary group. If you do "groups username," it returns only the primary group. If you do "id -a username," it also returns only the primary group. Yet if you do "ldaplist -l group \*" you get the entire list of groups with all of the users. And users only get access to directories for which their primary group has rights.

I suspect this is a small configuration thing (probably in ldap_client_file), but I can't find an answer.

cjhilinski

View Public Profile for cjhilinski

Find all posts by cjhilinski

9 More Discussions You Might Find Interesting

1. Solaris

entry in /etc/group too long - problem using sudo with %group

hi folks, I've been googling for quite some time, but still can't find anything near it...my problem is the following: for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I...

2. UNIX for Dummies Questions & Answers

LDAP on Solaris help

Folks; Can any one give me a hand on how to use LDAP for authentication in Solaris to allow all & authenticate all users when login into my Solaris UNIX server. Thanks in advance

3. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on...

4. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group....

5. UNIX for Dummies Questions & Answers

new to ldap, send email to a ou or group, and see a list from email client

hi, i'm running openldap on ubuntu 10.04, creating new items with apache directory studio (windows version). i use the ldap just as an address book to our small office (email clients are windows live mail 2009, 2011, microsoft outlook 2007 and 2010). a. i cant see a list of the contacts,...

6. UNIX and Linux Applications

LDAP Group query

I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation. Below are the details - ================ LDIF entry for OndotAPI group dn: cn=OndotAPI,ou=Groups,o=CNS changetype: add ...

7. Web Development

Getting apache to see a LDAP group membership change

trying to implement authz to a webpage using require ldap-group. It works, except I need to do apachectl restart before the server will observe an add or a delete to the group. Seems like apache is acquiring the group membership at startup & caching it. It's a static group. I have apache...

8. UNIX for Advanced & Expert Users

AD Group Policy Management and Kerberos / LDAP

Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX? I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow...

9. UNIX for Beginners Questions & Answers

How install LDAP on a Solaris 10?

Can not find info on how to install on LDAP on a Solaris 10.

LEARN ABOUT REDHAT

create_group

CREATE 
GROUP(7) 						   SQL Commands 						   CREATE GROUP(7)

NAME

       CREATE GROUP - define a new user group

SYNOPSIS

       CREATE GROUP name [ [ WITH ] option [ ... ] ]

       where option can be:

	    SYSID gid
	  | USER  username [, ...]

   INPUTS
       name   The name of the group.

       gid    The SYSID clause can be used to choose the PostgreSQL group id of the new group. It is not necessary to do so, however.

	      If this is not specified, the highest assigned group id plus one, starting at 1, will be used as default.

       username
	      A list of users to include in the group. The users must already exist.

   OUTPUTS
       CREATE GROUP
	      Message returned if the command completes successfully.

DESCRIPTION

       CREATE  GROUP  will create a new group in the database installation.  Refer to the Administrator's Guide for information about using groups
       for authentication.  You must be a database superuser to use this command.

       Use ALTER GROUP [alter_group(7)] to change a group's membership, and DROP GROUP [drop_group(7)] to remove a group.

USAGE

       Create an empty group:

       CREATE GROUP staff;

       Create a group with members:

       CREATE GROUP marketing WITH USER jonathan, david;

COMPATIBILITY

   SQL92
       There is no CREATE GROUP statement in SQL92.  Roles are similar in concept to groups.

SQL - Language Statements					    2002-11-22							   CREATE GROUP(7)