[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lack of groups sync



Solved this one myself.

Turns out that the scripts we were using to generate new LDAP users were
not doing so according to our schema.  Moral: make sure that your
database is self-consistent!

John

John Miller wrote:

>Hello all,
>
>Recently we migrated our web/NFS server to LDAP from /etc/passwd &
>/etc/group.  Ever since the migration, in which we performed a mass
>purge of usernames, my boss's list of groups has been out of sync with
>the rest of the usernames on the server.  For example:
>
>me@webserver: id <boss>
>
>returns my boss's full list of groups.
>
>Similarly,
>
>otheruser@webserver: id <boss>
>
>returns the proper list of groups as well.  In this case, I've tried
>root and several non-privileged users for "otheruser" -- all give the
>correct list of groups.
>
>However,
>
>boss@webserver: id
>
>does not return the correct list of groups.  Furthermore, 'getent group'
>returns the proper list of groups, regardless of who runs it.
>
>Can someone advise me on this?  It's not a good idea for my boss to edit
>web files as root....
>
>Addl info: we're running nscd, which I have restarted on numerous occasions.
>
>Thanks!
>John
>
>
>  
>



Reply to: