[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Problems with nss_ldap and group membership

From: Gary Molenkamp <gary sharcnet ca>
To: fedora-test-list redhat com
Subject: Problems with nss_ldap and group membership
Date: Fri, 7 May 2004 09:58:26 -0400 (EDT)

I'm testing nss_ldap under FC2t3 and have run into a problem with using 
groups under nss_ldap.

In my ldap server I have:
	
	cn=A,ou=Person,dc=exmaple,dc=com
	uidNumber: 130000
	gidNumber: 130000

	cn=A,ou=Group,dc=exmaple,dc=com
	gidNumber: 130000

	cn=App_users,ou=Group,dc=exmaple,dc=com
	gidNumber: 1000
	MemberUID: 130000

I have nsswitch.conf, /etc/pam.d/sshd configured to allow logins, etc.
Such that:
	getent passwd A
	A:x:130000:500::/home/A:/bin/bash

	getent group A
	A:x:130000:

	getent group App_user
	App_user:x:1000:130000

The problem is for file access control based on group membership. ie:

	drxwrxw---   root  App_users   /tmp/testing/

is not searchable by user A.  Changing group membership of the directory 
to A's primary group works, as does changing ownership of the directory to 
A.

Have I missed something?

-- 
Gary Molenkamp			SHARCNET
Systems Administrator		University of Western Ontario
gary sharcnet ca		http://www.sharcnet.ca
(519) 661-2111 x88429		(519) 661-4000

Follow-Ups:
- Re: Problems with nss_ldap and group membership
  - From: Nalin Dahyabhai

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]