Hi,

Yesterday I had a very similar problem. With
  id $user
I didn't get all the groups the user is in. Logged in as $user,
  id
returns all the groups. It took me a while to notice that only newly created 
groups (and not groups with highest group id) weren't displayed with "id 
$user".

For me it turned out that the "sizelimit 500" option in slapd.conf was too low 
for my setup. Increasing the sizelimit helped me (it seems I now exceed 500 
groups).

In contrast, twiddling with the "pagesize" in /etc/libnss-ldap.conf didn't 
help much. If also set to 500, I didn't get any groups with id $user anymore 
except his default group. (Where can I find a detailed explanation of this 
pagesize option?)

So my assumption is that if you log in as $user, all groups are individually 
checked for membership, so you are effectively in all groups. And with "id $user" 
all groups are fetched, and after that the membership is checked within the 
result.


I don't know if this matches exactly the reported problem, but perhaps it's 
useful for someone else.


-- 
greetings

eMHa
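
A check for the condition described in the message above, as an added example that is not part of the original post: it compares the `sizelimit` in slapd.conf with the number of posixGroup entries in an LDIF export and flags when a full group enumeration would be cut short. The configuration fragment, the LDIF data, the base DN and all function names are constructed for illustration; only the value `sizelimit 500` comes from the message.

```python
import re

# Constructed slapd.conf fragment; only "sizelimit 500" comes from the message.
SLAPD_CONF = 'sizelimit 500\ndatabase bdb\nsuffix "dc=example,dc=org"\n'

def make_ldif(n):
    """Build a constructed LDIF export with n posixGroup entries."""
    entry = ("dn: cn=grp{0},ou=Group,dc=example,dc=org\n"
             "objectClass: posixGroup\n"
             "cn: grp{0}\n"
             "gidNumber: {1}\n"
             "memberUid: alice\n")
    return "\n".join(entry.format(i, 10000 + i) for i in range(n))

def parse_sizelimit(conf_text, default=500):
    """Return the first sizelimit in slapd.conf text, or None for unlimited.

    slapd's built-in default of 500 applies when no directive is present.
    Simplification: per-database overrides and size.hard= are not modelled.
    """
    for line in conf_text.splitlines():
        m = re.match(r"\s*sizelimit\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        value = re.sub(r"^size(\.soft)?=", "", m.group(1).lower())
        if value in ("unlimited", "-1"):
            return None
        if value.isdigit():
            return int(value)
    return default

def count_posix_groups(ldif_text):
    """Count LDIF entries whose objectClass includes posixGroup."""
    entries = re.split(r"\n\s*\n", ldif_text.strip())
    pat = re.compile(r"^objectClass:\s*posixGroup\s*$", re.I | re.M)
    return sum(1 for e in entries if pat.search(e))

def check(conf_text, ldif_text):
    """Return (limit, group_count, truncated) for a full group enumeration."""
    limit = parse_sizelimit(conf_text)
    count = count_posix_groups(ldif_text)
    # More entries than the limit means the server stops returning results early.
    return limit, count, limit is not None and count > limit

if __name__ == "__main__":
    limit, count, truncated = check(SLAPD_CONF, make_ldif(501))
    print(f"sizelimit={limit} posixGroup entries={count} truncated={truncated}")
```

Where group membership drives access decisions, a truncated enumeration means some tools see fewer groups than the user actually holds, so the check is worth running whenever the group count approaches the limit.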
