Re: Lack of groups sync
Solved this one myself.
Turns out that the scripts we were using to generate new LDAP users were
not doing so according to our schema. Moral: make sure that your
database is self-consistent!
John
John Miller wrote:
>Hello all,
>
>Recently we migrated our web/NFS server to LDAP from /etc/passwd &
>/etc/group. Ever since the migration, in which we performed a mass
>purge of usernames, my boss's list of groups has been out of sync with
>the rest of the usernames on the server. For example:
>
>me@webserver: id <boss>
>
>returns my boss's full list of groups.
>
>Similarly,
>
>otheruser@webserver: id <boss>
>
>returns the proper list of groups as well. In this case, I've tried
>root and several non-privileged users for "otheruser" -- all give the
>correct list of groups.
>
>However,
>
>boss@webserver: id
>
>does not return the correct list of groups. Furthermore, 'getent group'
>returns the proper list of groups, regardless of who runs it.
>
>Can someone advise me on this? It's not a good idea for my boss to edit
>web files as root....
>
>Addl info: we're running nscd, which I have restarted on numerous occasions.
>
>Thanks!
>John
>
>
>
>
Reply to: