Login or Register to Ask a Question and Join Our Community


Solaris

Solaris LDAP group problem

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Solaris LDAP group problem
# 1  
Old 03-23-2014
Solaris LDAP group problem
I have a test environment which is running RedHat 6.5 Identity management. On the lab network are two Solaris 10 (U11) machines. I can successfully log into the S10 machines using the ldap username/passwords. However, I have a problem with groups and although I found through an internet search one person who had the exact same problem back in 2009, there was not solution.

On the S10 machine, the only group listed for a user is his/her primary group. If you do "groups username," it returns only the primary group. If you do "id -a username," it also returns only the primary group. Yet if you do "ldaplist -l group \*" you get the entire list of groups with all of the users. And users only get access to directories for which their primary group has rights.

I suspect this is a small configuration thing (probably in ldap_client_file), but I can't find an answer.
# 2  
Old 03-23-2014
Show us contents of /etc/nsswitch.conf.
# 3  
Old 03-23-2014
The relevant entries are:
passwd: files ldap
group: files ldap

Everything else except hosts (files dns) is set to files.
# 4  
Old 03-26-2014
SOLVED Solaris LDAP group problem
Replacing this line in /var/ldap/ldap_client_file

Code:
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=aaa,dc=bbb,dc=dddd,dc=eee

with

Code:
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=aaa,dc=bbb,dc=ddd,dc=eee

solved the problem. Note the change from "accounts" to "compat."
Last edited by bartus11; 03-26-2014 at 03:44 PM.. Reason: Please use [code][/code] tags.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

How install LDAP on a Solaris 10?

Can not find info on how to install on LDAP on a Solaris 10. (0 Replies)
Discussion started by: zbest1966
0 Replies

2. UNIX for Advanced & Expert Users

AD Group Policy Management and Kerberos / LDAP

Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX? I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies

3. Web Development

Getting apache to see a LDAP group membership change

trying to implement authz to a webpage using require ldap-group. It works, except I need to do apachectl restart before the server will observe an add or a delete to the group. Seems like apache is acquiring the group membership at startup & caching it. It's a static group. I have apache... (0 Replies)
Discussion started by: maraixadm
0 Replies

4. UNIX and Linux Applications

LDAP Group query

I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation. Below are the details - ================ LDIF entry for OndotAPI group dn: cn=OndotAPI,ou=Groups,o=CNS changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies

5. UNIX for Dummies Questions & Answers

new to ldap, send email to a ou or group, and see a list from email client

hi, i'm running openldap on ubuntu 10.04, creating new items with apache directory studio (windows version). i use the ldap just as an address book to our small office (email clients are windows live mail 2009, 2011, microsoft outlook 2007 and 2010). a. i cant see a list of the contacts,... (0 Replies)
Discussion started by: V4705
0 Replies

6. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

7. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies

8. UNIX for Dummies Questions & Answers

LDAP on Solaris help

Folks; Can any one give me a hand on how to use LDAP for authentication in Solaris to allow all & authenticate all users when login into my Solaris UNIX server. Thanks in advance (3 Replies)
Discussion started by: Katkota
3 Replies

9. Solaris

entry in /etc/group too long - problem using sudo with %group

hi folks, I've been googling for quite some time, but still can't find anything near it...my problem is the following: for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I... (4 Replies)
Discussion started by: poli
4 Replies
Login or Register to Ask a Question