On Tue, 2008-04-29 at 10:32 +0200, Markus Hochholdinger wrote:
> yesterday I had a very similar problem. With
>  id $user
> I didn't get all the groups the user is in. Logged in as $user
>  id
> returns all the groups. It took me a while to notice that only newly created
> groups (and not groups with highest group id) weren't displayed with "id
> $user".

I don't think this is the same issue as the original bug report (unless there were 92 groups in /etc/group).

> For me it turns out that the "sizelimit 500" option in slapd.conf was too low
> for my setup. Increasing the sizelimit helped me (it seems I exceed now 500
> groups).
>
> In contrast, twiddling with the "pagesize" in /etc/libnss-ldap.conf didn't
> help much. If also set to 500 I didn't get any groups with id $user anymore
> except his default group. (Where can I find detailed explanation of this
> pagesize option?)

The nss-ldapd.conf(5) manual page lists some settings that you should probably make in slapd.conf if you have a very large number of entries in your database.

> So my assumption is, that if you log in as $user all groups were particular
> checked for membership so you are effective in all groups. And with "id $user"
> all groups were fetched and after that the membership is checked within the
> result.

This assumption is basically correct, but I think it depends on the version of Glibc and GNU coreutils. Running id without arguments lists the current secondary groups, and with a user argument it does NSS lookups to find out which groups would be set. If you log in, a different method to determine the groups of a user is used than if you run id. I seem to recall that id would use the same method under some circumstances but can't reproduce that at the moment.

Anyway, thanks for using nss-ldapd and thanks for your email.

--
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
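
The two lookup styles discussed in this message, as an added Python example that is not part of the original email or of nss-ldapd: it compares a fetch-all-then-filter group enumeration with a per-user group list lookup and shows how a server-side size limit hides memberships. The sample groups, the user names and every function name are constructed for illustration.

```python
import grp
import os
import pwd
from collections import namedtuple

# Constructed sample data (not from the thread): a tiny directory of groups.
Group = namedtuple("Group", "gr_name gr_gid gr_mem")
SAMPLE_GROUPS = [
    Group("users", 100, []),
    Group("staff", 1001, ["alice"]),
    Group("ops", 1002, ["bob"]),
    Group("web", 1003, ["bob"]),
    Group("newproj", 1004, ["alice"]),  # recently added group
]


def groups_by_enumeration(user, primary_gid, entries):
    """Fetch-all-then-filter lookup: keep every group that lists `user`."""
    return {primary_gid} | {g.gr_gid for g in entries if user in g.gr_mem}


def compare_views(enumerated, per_user):
    """Return (gids missing from the enumeration, gids only found there)."""
    return sorted(per_user - enumerated), sorted(enumerated - per_user)


def simulate_truncation(user, primary_gid, entries, sizelimit):
    """Show what a result size limit does to the enumeration-based answer."""
    full = groups_by_enumeration(user, primary_gid, entries)
    cut = groups_by_enumeration(user, primary_gid, entries[:sizelimit])
    return compare_views(cut, full)


def diagnose(user):
    """Run both lookups for a real account through the local NSS setup."""
    pw = pwd.getpwnam(user)
    enumerated = groups_by_enumeration(user, pw.pw_gid, grp.getgrall())
    per_user = set(os.getgrouplist(user, pw.pw_gid))  # getgrouplist(3) lookup
    return compare_views(enumerated, per_user)


if __name__ == "__main__":
    print("constructed, limit 3:", simulate_truncation("alice", 100, SAMPLE_GROUPS, 3))
    me = pwd.getpwuid(os.getuid()).pw_name
    print("local NSS for", me, ":", diagnose(me))
```

A non-empty first list from `diagnose` means the enumeration returned fewer groups than the per-user lookup, which is the symptom a too-low result limit produces; access decisions that rely on the enumerated view would then miss those memberships.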

