[Fedora-directory-users] Fwd: group mapping issue

Brandon Young bkyoung at gmail.com
Tue Jan 23 22:30:58 UTC 2007


Alright, I solved the problem.  And for the sake of others who may
follow in my wake, here's the answer:

When you create the group, you must add the objectclass type
posixGroup (which then allows you to define the group number, which is
where you get the gid to group name mapping).

1. Open Directory Server Console
2. Click the Directory tab
3. Expand your base dn
4. Highlight Groups
5. In the right pane, right click and select add group
6. Click the advanced tab
7. Click in one of the fields where it says Object class (top or
groupofuniquenames)
8. Click Add Value
9. Select posixGroup, then OK
10. Now you have a field gidnumber, which you can fill in.

I'm sure there's a good reason why this isn't included by default
during group creation, but I can't think of it right now.  I suppose
it would be kind of a pain if you weren't trying to create a posix
group but were required to provide such information as gidnumber.

---------- Forwarded message ----------
From: Brandon Young <bkyoung at gmail.com>
Date: Jan 23, 2007 3:20 PM
Subject: group mapping issue
To: Fedora-directory-users at redhat.com


I have recently attempted to set up a Fedora Directory Server for
evaluation as a replacement for NIS.  Overall, the set up process was
pretty painless.  I spent some time reading the Installation Guide,
Administrator's Guide, and Deployment Guide beforehand.  Additionally,
I tracked down this wonderful guide
(http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-26072006.html)
which seemed like exactly what I needed.

I am trying to (ultimately) set up a directory service which provides
user authentication for Linux and OS X clients.

The problem I have run into is the following: when I issue the
command `ls`, I see the following:
~$ ls -l
total 1
drwxr-xr-x   2 bky 1676 336 Jan 23 09:12 Desktop
drwxr-xr-x   4 bky 1676 216 Jan 17 10:24 Documents
drwx------  19 bky 1676 544 Jan 22 12:19 Library
drwxr-xr-x   2 bky 1676  48 Jan 17 08:33 Movies
drwxr-xr-x   3 bky 1676  72 Jan 17 09:45 Music
drwxr-xr-x   2 bky 1676  48 Jan 17 08:30 Pictures
drwxrwxr-x   2 bky 1676  96 Dec 20 14:29 bin
drwxrwxr-x   3 bky 1676  72 Dec 20 15:53 svn
drwxr-xr-x   2 bky 1676  48 Jan 17 09:48 vmware
~$


if I issue the 'groups' command for the user, it tells me:

# groups bky
id: cannot find name for group ID 1676
#

So, it seems obvious to me that group mappings are not configured
correctly.  On the client side, I am using a CentOS 4.4 machine,
configured to use ldap using system-config-authentication, and further
tweaking /etc/ldap.conf values for nss_base_passwd, nss_base_shadow,
and nss_base_group.  Further, in digging through the mailing list
archives I found a suggestion to make sure pam_member_attribute was
set to uniqueMember -- which I tried, to no avail.  I also tried
starting nscd which does not fix it (but I didn't really feel like
that was the problem, anyway).

I will further mention here that the ldap-client package is installed
and I have not tried to configure SSL or TLS, yet.

So, with that in mind ... what very obvious thing am I missing?  Has
anyone seen and resolved this issue for themselves?  Any help would be
greatly appreciated.

--
Brandon


-- 
Brandon
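
An added example, not part of the original post: a check over an LDIF export of the directory that reports account gidNumbers with no posixGroup entry to name them, which is the condition behind "cannot find name for group ID 1676". The function names, DNs and sample entries are constructed for illustration; only the gid 1676 and the object class names come from the thread.

```python
"""Audit an LDIF export for account gidNumbers that no posixGroup maps to a name."""
from collections import defaultdict
# Constructed export: DNs and names are illustrative; 1676 is the gid from the post.
SAMPLE_LDIF = """\
dn: uid=bky,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bky
gidNumber: 1676

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: staff
uniqueMember: uid=bky,ou=People,
 dc=example,dc=com
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute -> values (base64 not decoded)."""
    entries, current = [], defaultdict(list)
    unfolded = text.replace("\n ", "")  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():  # blank line ends the current entry
            if current:
                entries.append(dict(current))
            current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        current[attr.strip().lower()].append(value.strip())
    return entries

def classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def audit(entries):
    """Return (unmapped gidNumber -> account DNs, DNs of groups lacking posixGroup)."""
    mapped = {g for e in entries if "posixgroup" in classes(e)
              for g in e.get("gidnumber", [])}
    unmapped = defaultdict(list)
    for e in entries:
        if "posixaccount" in classes(e):
            for gid in e.get("gidnumber", []):
                if gid not in mapped:
                    unmapped[gid].append(e["dn"][0])
    non_posix = [e["dn"][0] for e in entries
                 if "groupofuniquenames" in classes(e) and "posixgroup" not in classes(e)]
    return dict(unmapped), non_posix
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` flags gid 1676 and the `staff` group; once the group entry carries `objectClass: posixGroup` and `gidNumber: 1676`, both results come back empty.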



