Problems with nss_ldap and group membership
Gary Molenkamp
gary at sharcnet.ca
Fri May 7 13:58:26 UTC 2004
I'm testing nss_ldap under FC2t3 and have run into a problem with using
groups under nss_ldap.

In my LDAP server I have:

    cn=A,ou=Person,dc=exmaple,dc=com
        uidNumber: 130000
        gidNumber: 130000

    cn=A,ou=Group,dc=exmaple,dc=com
        gidNumber: 130000

    cn=App_users,ou=Group,dc=exmaple,dc=com
        gidNumber: 1000
        MemberUID: 130000

I have nsswitch.conf, /etc/pam.d/sshd configured to allow logins, etc.,
such that:

    getent passwd A
    A:x:130000:500::/home/A:/bin/bash

    getent group A
    A:x:130000:

    getent group App_user
    App_user:x:1000:130000

The problem is for file access control based on group membership, i.e.:

    drxwrxw--- root App_users /tmp/testing/

is not searchable by user A. Changing group membership of the directory
to A's primary group works, as does changing ownership of the directory to
A.

Have I missed something?

--
Gary Molenkamp SHARCNET
Systems Administrator University of Western Ontario
gary at sharcnet.ca http://www.sharcnet.ca
(519) 661-2111 x88429 (519) 661-4000
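
Added example, not part of the original post: RFC 2307 defines memberUid as holding login names, and supplementary groups are resolved by matching the login name against each group's member list, so the member `130000` shown by getent is read as a user name rather than A's uidNumber. The script below audits passwd/group-format text (as printed by `getent passwd` and `getent group`) for such members; the sample data is constructed from the entries in the post and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag group members that are numeric UIDs instead of login names.
# Input is passwd(5)/group(5)-format text, as printed by getent.

# Constructed sample data mirroring the entries shown in the post.
SAMPLE_PASSWD='A:x:130000:500::/home/A:/bin/bash'
SAMPLE_GROUP='A:x:130000:
App_users:x:1000:130000'

# audit_group_members PASSWD_TEXT GROUP_TEXT
# Prints one line per suspicious member:
#   UID_AS_MEMBER <group> <member> <login>  member is no login name but equals
#                                           the uidNumber of <login>
#   UNKNOWN_MEMBER <group> <member>         member matches no login or uidNumber
audit_group_members() {
    { printf '%s\n' "$1"; printf '%s\n' '@@GROUP@@'; printf '%s\n' "$2"; } |
    awk -F: '
        $0 == "@@GROUP@@" { in_group = 1; next }   # switch from passwd to group data
        NF == 0 { next }                           # skip blank lines
        !in_group { login[$1] = 1; by_uid[$3] = $1; next }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                m = members[i]
                if (m == "" || (m in login)) continue
                if (m in by_uid)
                    printf "UID_AS_MEMBER %s %s %s\n", $1, m, by_uid[m]
                else
                    printf "UNKNOWN_MEMBER %s %s\n", $1, m
            }
        }'
}

# groups_for_user LOGIN GROUP_TEXT
# Prints the groups whose member list contains LOGIN as a name, which is the
# match a name-based supplementary group lookup depends on.
groups_for_user() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, members, ",")
          for (i = 1; i <= n; i++) if (members[i] == u) print $1 }'
}

audit_group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

On a live system the same functions can be fed `"$(getent passwd)"` and `"$(getent group)"`; a group entry whose member is the login name `A` passes the audit and is returned by `groups_for_user A`.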