On 06/30/2011 05:58 AM, Patrick Cable wrote:
> Both traces go to LDAP to query the user just fine. Just, doing it
> su'ed to the user returns a getgroups() with 8 entries and doing it as
> the user returns a getgroups() with one entry. On the strace that
> returns all groups, there is a bunch of extra LDAP querying to map
> group ID numbers to names.
Yes, I saw this in the first traces you posted. In one, the
getgroups(0, NULL) call returned 1, in the other it returned 8.
Can you turn up any kind of debugging/logging on the LDAP server itself,
or maybe sniff the connection, and see what the actual queries that go
from the machine to the LDAP server are?
> (With apologies to Jan for getting this twice since I am a giant
> turkey who cant mash "reply to all" successfully)
No sweat. :-)
-jan-
--
Jan L. Peterson
http://www.peterson-tech.com/~jlp/
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
