Clients not recognizing secondary LDAP groups?

Posted by Nick on Server Fault See other posts from Server Fault or by Nick
Published on 2012-04-09T02:24:12Z Indexed on 2012/04/09 5:33 UTC
Read the original article Hit count: 546

Filed under:

ldap

|

ubuntu-10.04

|

pam

|

groups

I'm having an issue where users who are members of secondary groups in LDAP are not being recognized as members of that group by the client. In this case, user jdoe is not being recognized as a member of the projects group.

On the client, getent group shows:

projects:*:20001:1001,1002,1003,1004,1005,1006

and getent passwd shows:

jdoe:x:1003:10003:John Doe:/home/jdoe:/bin/bash

But if I log in to the client as jdoe, and run id, I get:

uid=1003(jdoe) gid=10003(jdoe) groups=24(cdrom),25(floppy),29(audio),44(video),46(plugdev),10003(jdoe)

It recognizes jdoe's primary group, and the secondary groups that are appended by the client to all LDAP users, but the LDAP secondary groups are not in the list. We can see that jdoe's id is in the projects group, so why is the projects group not showing when jdoe runs the id command?

The group objects are basic posixGroup entries, with a memberUid attribute for each of its members.

We are using OpenLDAP on Ubuntu 10.04 server and clients.

© Server Fault or respective owner

Related posts about ldap

NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Ubuntu 12.04 Preseed LDAP Config

as seen on Server Fault - Search for 'Server Fault'
I'm trying to deploy Ubuntu 12.04 via xCAT, everything works except the automatic configuration of LDAP, the preseed file is read but the file /etc/nsswitch is not written properly. My Preseed File: [...] ### LDAP Setup nslcd nslcd/ldap-bindpw password ldap-auth-config ldap-auth-config/bindpw password ldap-auth-config… >>> More
NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Apache+LDAP auth on Ubuntu says "Can't contact LDAP server" while ldapsearch is perfect

as seen on Server Fault - Search for 'Server Fault'
Hi Gurus, I'm migrating from an existing apache+LDAP+mysql+php server to a new hardware platform. Old server is running Debian Lenny, which I have no config documentation available (was done by previous sysadmin); New server is running Ubuntu 10.04.2 LTS 32bit. After installing Apache and configured… >>> More
Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

as seen on Stack Overflow - Search for 'Stack Overflow'
Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security… >>> More

Related posts about ubuntu-10.04

Cannot access Ubuntu 10/04 after reinstalling Windows

as seen on Super User - Search for 'Super User'
I had Windows Vista Home Premium on HP pavilion desktop. I partitioned the disk for Ubuntu and a swap disk partition and then I installed Ubuntu 10.04. When I would start my computer, I would be given a choice to start Windows or Ubuntu. Today I reinstalled Windows, and now the menu has disappeared… >>> More
Dual head setup for Ubuntu 10.04.1 and Windows XP Pro with same hardware configuration

as seen on Super User - Search for 'Super User'
Hello. I have a Dell OptiPlex 360 workstation at work, with 2 x ATI RV280 [Radeon 9200 PRO] graphics cards installed, which are attached to two identical 19" HII flat panel monitors. I'm using the open source Radeon driver with Ubuntu, and the proprietary drivers with Windows. The good news is that… >>> More
ifup eth0 failed in Ubuntu 11.10 and Ubuntu 10.04.3

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
ifup eth0 failed to bring up eth0 First, I have set static ip using the below commands: Commands: ifdown eth0 ifconfig eth0 X.X.X.X netmask 255.255.252.0 up route add default gw X.X.X.X I was successful in setting up static ip X.X.X.X and I could see the same in the output of command "ifconfig"… >>> More
very long boot up with Ubuntu 10.04.4

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed Ubuntu 10.04.3 on Atom. Then I do the update and upgrade with: #apt-get update #apt-get upgrade #apt-get dist-upgrade The system can boot up now but in almost 2 minutes. After power on and system test, it will stop at "Verifying DMI pool data" for 10 seconds before the GRUB menu comes… >>> More
configuring two network interfaces in ubuntu 10.04.1

as seen on Server Fault - Search for 'Server Fault'
I have got two NICs configured on a VM - each is tied to a specific network, one is a DMZ, the other is an internal network. I want MySQL to listen on the internal network only and Apache on the DMZ listening for HTTP and HTTPS. But as soon as I add the second interface I run into trouble. I can… >>> More