Your message dated Sat, 07 Dec 2013 14:03:14 +0100 with message-id <1386421394.20019.3.camel@sorbet.thuis.net> and subject line Re: Bug#427497: libnss-ldap doesn't find all groups has caused the Debian Bug report #427497, regarding libnss-ldap doesn't find all groups as root to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 427497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427497 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: libnss-ldap doesn't find all groups
- From: Henry Jensen <hjensen@gmx.de>
- Date: Mon, 4 Jun 2007 14:38:31 +0000
- Message-id: <20070604143831.GA93@deli.iww-test.local>
Package: libnss-ldap Version: 251-7.5 Severity: important libnss-ldap doesn't seem to get all groups from ldap. E. g. when I do as user: $ id -G 513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223 But when I do as root: # id -G user 513 22150 43236 19901 1027 1029 1073 1112 As you can see some groups are missing in the second request. This happens after the upgrade from Sarge to Etch. It has wider effects in the sense that e. g. Group-ACLs in Samba are no longer working in some cases. It also seems that only newer groups which were added after the upgrade to Etch are affected. Here are some relevant parts of config files: /etc/nsswitch.conf: passwd: compat ldap group: compat ldap shadow: compat ldap /etc/libnss_ldap.conf: host 192.168.1.12 192.168.1.17 base dc=test,dc=de ldap_version 3 rootbinddn cn=admin,dc=test,dc=de /etc/ldap/slapd.conf from the ldap server: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema schemacheck on pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 0 modulepath /usr/lib/ldap moduleload back_bdb backend bdb checkpoint 512 30 database bdb suffix "dc=test,dc=de" directory "/var/lib/ldap" index objectClass eq lastmod on access to attrs=userPassword by dn="cn=admin,dc=test,dc=de" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=test,dc=de" write by * read ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
--- End Message ---
--- Begin Message ---
- To: Henry Jensen <hjensen@gmx.de>, 427497-done@bugs.debian.org
- Subject: Re: Bug#427497: libnss-ldap doesn't find all groups
- From: Arthur de Jong <adejong@debian.org>
- Date: Sat, 07 Dec 2013 14:03:14 +0100
- Message-id: <1386421394.20019.3.camel@sorbet.thuis.net>
- Reply-to: 427497@bugs.debian.org
- In-reply-to: <20070604143831.GA93@deli.iww-test.local>
- References: <20070604143831.GA93@deli.iww-test.local>
On Mon, 2007-06-04 at 14:38 +0000, Henry Jensen wrote: > $ id -G > 513 1027 1029 1073 1112 14091 19901 22150 43236 55873 60223 > > But when I do as root: > > # id -G user > 513 22150 43236 19901 1027 1029 1073 1112 There is a difference between "id -G" and "id -G user". The former returns the effective groups, the latter the assigned groups. If you login on the console (or desktop manager) you are usually assigned extra groups. If you can still reproduce this problem and can provide some extra information, feel free to re-open this bug. Thanks, -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---