Does the LDAP query system not have access to the bind credentials it
needs to pull the groups when not running as root?
--Ted
On 6/30/2011 9:56 AM, Jan L. Peterson wrote:
On 06/30/2011 05:58 AM, Patrick Cable wrote:
Both traces go to LDAP to query the user just fine. Just, doing it
su'ed to the user returns a getgroups() with 8 entries and doing it as
the user returns a getgroups() with one entry. On the strace that
returns all groups, there is a bunch of extra LDAP querying to map
group ID numbers to names.
Yes, I saw this in the first traces you posted. In one, the
getgroups(0, NULL) call returned 1, in the other it returned 8.
Can you turn up any kind of debugging/logging on the LDAP server itself,
or maybe sniff the connection, and see what the actual queries that go
from the machine to the LDAP server are?
(With apologies to Jan for getting this twice since I am a giant
turkey who cant mash "reply to all" successfully)
No sweat. :-)
-jan-
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
