[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-06-28 Thread Thomas Schweikle
It seems fixed since. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/771698 Title: /usr/bin/id does not show ldap groups To manage notifications about this bug go to: https://b

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-06-28 Thread Thomas Schweikle
Bugreport can be closed. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/771698 Title: /usr/bin/id does not show ldap groups To manage notifications about this bug go to: https:

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-06-27 Thread Launchpad Bug Tracker
[Expired for libnss-ldap (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libnss-ldap (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-04-28 Thread Thomas Schweikle
If I search ldap using "ldapsearch" I do get all defined groups and users. Accessing ldap via "getent (passwd|group)" I do again get all groups or users. using "id" does not give back all groups a user belongs to. The system behaves, as if there are only local groups available. -- You received

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-04-28 Thread Thomas Schweikle
> The fact that id shows fewer groups is not a security issue > -- the user should have fewer privileges than with the > intended ldap groups. This is only correct as long as belonging to a group grants additional rights. It is not correct any more if belonging to a group revoked rights. The user

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-04-28 Thread Thomas Schweikle
** Attachment added: "various configuration files used by pam and ldap" https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/771698/+attachment/2092558/+files/config.tgz -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-l

[Bug 771698] Re: /usr/bin/id does not show ldap groups

2011-04-27 Thread Jamie Strandboge
I am unmarking this as a security issue. If a user is a part of a group that is listed in getent, the user is supposed to be in that group and any DAC checks should be checking for that. The fact that id shows fewer groups is not a security issue-- the user should have fewer privileges than with th