-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 baptiste wrote: > Hi , > > I use openldap, nss_ldap and pam_ldap for autentification. > All work OK exceptly one point : > > When users are member of many groups (40) , the system only take care of the > 30 first groups ! > Of course, this users can't acces to files owned by the 10 last groups :( >
Why do you use so many groups? Do you know NFS will only use the first 15 (I bump into that sometimes) at present? I am in 22 groups, and it shows them all to me. > [EMAIL PROTECTED] tmp]# id titi > ...... that shows me all the group of "titi" so it's OK > Do any of the groups exist in the local /etc/group file? > but when i do that: > [EMAIL PROTECTED] tmp]# su titi > [EMAIL PROTECTED] tmp]$ id > ...... that d'ont show me all the groups of titi !!!! > > > I don't use ssl or sasl > I don't use ACL in my slapd.conf > I'have no sizelimit or timelimit in LDAP > I don't use nscd (when i use it, the problem doesn't disapear) > My nsswitch.conf seems to be OK : > passwd: files ldap > shadow: files ldap > group: files ldap > > > What is the problem ? > > Thanks :) > > PS: the rpm installed on my machine: > openldap-clients-2.0.25-7mdk > samba-common-ldap-2.2.7-1.1mdk > openldap-servers-2.0.25-7mdk > libldap2-2.0.25-7mdk > openldap-2.0.25-7mdk > samba-server-ldap-2.2.7-1.1mdk > nss_ldap-204-2mdk > pam_ldap-161-2mdk PLEASE, upgrade your samba at least, there are vulnerabilities in releases prior to 2.2.8a (someone on the samba list has just reported an exploit found in the wild which exploits the vulnerability fixed in 2.2.8a). Packages with ldap support are provided for Mandrake 8.0-9.1 on the samba FTP mirrors for this reason! You can setup at http://plf.zarb.org/~nanardon/?minor=1 , choose a "Sambaldap" medium. There are also updates for openldap that fix some other minor usability issues. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+6JIXrJK6UGDSBKcRAv2iAJ4w4vr64sqX/+I+GWTQbcUgUjg2SgCgyaIw fpDNmp1+VJMNeCzJRlzfnvw= =PYVH -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ******************************************************************
