-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 25 Apr 2005, Don Brearley wrote:


Hello,

I am having some problems with OpenLDAP 2.2.25 and FreeBSD 5.3.

I can currently authenticate against my ldap db, and utilities like id and chown
work with no problem.

The problem is gid to group name mapping.  In my ldif files, I can have a
"uid" entry and a "uidNumber" entry.  It would look something like this:

uid:  testuser
uidNumber: 2001

and that works. I cannot have a group entry of the same.

gid: testgroup
gidNumber: 2001

OpenLDAP would complain that it couldn't read this file properly, not until
the "gid:testgroup" entry was removed.

When I attempt to use an app like "chown" I have to specify the actual
gid number, eg:

chown -R testuser:2001 /home/testuser

I was wondering if anyone had found a way to have it so that you could
just enter it by name, and not by number.  eg:

chown -R testuser:testgroup /home/testuser

Obviously I would have to add a gid entry in my schema file, but I am left
wondering why this isn't already in there. I don't want to spend a few hours
trying to re-invent the wheel when there is already a reason for it to
not be in there.

Any help or light on this situation is deeply appreciated.  If you need more
information, please let me know and I shall provide it.

Hi,

I have had authentication against OpenLDAP running for a long time now and did not experience such a thing.
I have split the user and group information into two separate trees.
An example user entry and group entry look like this:


- --- the user
dn: uid=testuser,ou=People,dc=domain,dc=tld
objectClass: top
objectClass: posixAccount
uidNumber: 2001
gecos: Test User
loginShell: /bin/tcsh
uid: testuser
cn: Test User
gidNumber: 2001
homeDirectory: /home/testuser
userPassword: some_password

- --- the group
dn: cn=testgroup,ou=Group,dc=domain,dc=tld
objectClass: posixGroup
objectClass: top
cn: testgroup
userPassword: *
gidNumber: 2001
description: Local Unix group

If you configure nss_ldap as follows, you will be able to chown(8) with names instead of numbers, and id(1) should give you names for the groups too.

- --- nss_ldap.conf
nss_base_passwd         ou=People,dc=domain,dc=tld?one
nss_base_group          ou=Group,dc=domain,dc=tld?one

If I understand your comments right, you have tried to add a "gid" attribute to the user account with objectClass posixAccount, but this will not work. Only the numeric gidNumber is allowed for this objectClass. It behaves like the flat Unix passwd(5) and group(5) files, where the numeric gidNumber is stored in passwd(5) and this number is resolved using the group(5) file.

Please think about it ;-) and try the things above.
Joerg

- -- The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)


iD8DBQFCbTOrSPOsGF+KA+MRAioiAJ4oSK/EupIQphRIneHcbWSHJ6YcHgCgx1wf
EHGs1oXINk95wgKc0IKW75A=
=lneJ
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
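The following is an added example, not code from either message in the thread, that models Joerg's point in working Python: posixAccount entries carry only the numeric gidNumber, posixGroup entries map that number to a name, and a "gid:" attribute on a posixGroup is a schema violation that slapd refuses. The LDIF is constructed from the entries posted in the reply, with a deliberately invalid "badgroup" entry added; the MUST/MAY attribute sets are taken from RFC 2307 as shipped in OpenLDAP's nis.schema; the lookup functions are a simplified stand-in for nss_ldap and getpwnam(3)/getgrnam(3), not the real NSS code.

```python
# Added example (not from either message): a toy model of how nss_ldap turns
# posixAccount / posixGroup entries into passwd- and group-style lookups, plus
# the schema check that makes slapd reject a "gid:" attribute. The LDIF is
# constructed from the entries in the reply; "badgroup" is added to show the
# failure from the original question.

# MUST / MAY attribute lists of posixAccount and posixGroup from RFC 2307
# (OpenLDAP's nis.schema). Attributes outside these sets are schema violations.
POSIX_ACCOUNT_MUST = {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}
POSIX_ACCOUNT_MAY = {"userPassword", "loginShell", "gecos", "description"}
POSIX_GROUP_MUST = {"cn", "gidNumber"}
POSIX_GROUP_MAY = {"userPassword", "memberUid", "description"}

SAMPLE_LDIF = """\
dn: uid=testuser,ou=People,dc=domain,dc=tld
objectClass: top
objectClass: posixAccount
uid: testuser
cn: Test User
uidNumber: 2001
gidNumber: 2001
homeDirectory: /home/testuser
loginShell: /bin/tcsh

dn: cn=testgroup,ou=Group,dc=domain,dc=tld
objectClass: top
objectClass: posixGroup
cn: testgroup
gidNumber: 2001
description: Local Unix group

dn: cn=badgroup,ou=Group,dc=domain,dc=tld
objectClass: top
objectClass: posixGroup
cn: badgroup
gid: badgroup
gidNumber: 2002
"""


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one
    'attr: value' per line, repeated attributes collected into lists.
    Base64 (::) values and continuation lines are not needed here."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_schema(entry):
    """Return the schema violations slapd would report for one entry."""
    dn = entry["dn"][0]
    classes = set(entry.get("objectClass", []))
    attrs = set(entry) - {"dn", "objectClass"}
    if "posixAccount" in classes:
        must, may = POSIX_ACCOUNT_MUST, POSIX_ACCOUNT_MAY
    elif "posixGroup" in classes:
        must, may = POSIX_GROUP_MUST, POSIX_GROUP_MAY
    else:
        return [f"{dn}: neither posixAccount nor posixGroup"]
    problems = [f"{dn}: missing required attribute {a}" for a in sorted(must - attrs)]
    problems += [f"{dn}: attribute {a} not allowed by schema" for a in sorted(attrs - must - may)]
    return problems


def build_nss_maps(entries):
    """Model nss_base_passwd / nss_base_group: passwd keyed by login name
    -> (uidNumber, gidNumber), group keyed by cn -> gidNumber. Entries that
    fail the schema check never make it into the directory, so skip them."""
    passwd, group = {}, {}
    for e in entries:
        if check_schema(e):
            continue
        if "posixAccount" in e["objectClass"]:
            passwd[e["uid"][0]] = (int(e["uidNumber"][0]), int(e["gidNumber"][0]))
        else:
            group[e["cn"][0]] = int(e["gidNumber"][0])
    return passwd, group


def resolve_owner(spec, passwd, group):
    """What chown(8) does with USER[:GROUP]: a numeric token is used as-is,
    a name goes through getpwnam/getgrnam (here: the maps)."""
    user, _, grp = spec.partition(":")
    try:
        uid = int(user) if user.isdigit() else passwd[user][0]
        gid = None if not grp else int(grp) if grp.isdigit() else group[grp]
    except KeyError as missing:
        raise LookupError(f"chown: {missing.args[0]}: illegal user or group name") from None
    return uid, gid


def id_line(user, passwd, group):
    """What id(1) prints. The gid is stored numerically in the account and
    only gets a name if a posixGroup with that gidNumber exists, which is
    exactly the symptom in the original question."""
    uid, gid = passwd[user]
    names_by_gid = {g: name for name, g in group.items()}
    gname = names_by_gid.get(gid)
    return f"uid={uid}({user}) gid={gid}" + (f"({gname})" if gname else "")
```

With the two valid entries loaded, `resolve_owner("testuser:testgroup", ...)` gives `(2001, 2001)`, the same as `"testuser:2001"`; drop the group map and `id_line` falls back to the bare number, which is the behaviour the original poster saw before a posixGroup for gidNumber 2001 existed. The "badgroup" entry is rejected for its "gid" attribute before it ever reaches the maps.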