Arthur de Jong wrote:
On Tue, 2008-05-06 at 19:05 +0200, Bas van der Vlies wrote:
Just found out there is a 'netgroup'' command here is the info:
# netgroup -u bas
#
no output
nslcd: DEBUG: connection from pid=5383 uid=0 gid=0
nslcd: DEBUG: nslcd_netgroup_byname(bas)
nslcd: DEBUG: myldap_search(base="dc=hpcv,dc=sara,dc=nl", filter="(&
(objectClass=nisNetgroup)(cn=bas))")
nslcd: DEBUG: connection from pid=5383 uid=0 gid=0
nslcd: DEBUG: nslcd_netgroup_byname((-,bas,-))
nslcd: DEBUG: myldap_search(base="dc=hpcv,dc=sara,dc=nl", filter="(&
(objectClass=nisNetgroup)(cn=\28-,bas,-\29))")
I guess this is a bug in nss-ldapd. It seems the getnetgrent() function
is used for more than just looking up a netgroup by name (or perhaps the
NSS internal function by that name is overloaded). I'll try to dig into
this a little.
Just to get everything clear, sorry_lisa is a name of a netgroup on
your system? Also, could you send me your /etc/nsswitch.conf and
indicate where the bas user is configured (LDAP, /etc/passwd
otherwise)?
Yes 'sorry_lisa' is a netgroup on my systeem and a rather big one. So i
also create a netgroup 'bas' with some test some users.
I have found the problem. I am using 'memberNisNetgroup' atrribute. If i
use the 'nisNetgroupTriple' attribute it is working. In NIS you can
specifiy groups and triples to nisnetgroup. So the padl nss-ldap library
handles this correctly and nss-ldapd/netgroup utility only parses the
'nisNetgroupTriple' attribute.
--
--
********************************************************************
* *
* Bas van der Vlies e-mail: [EMAIL PROTECTED] *
* SARA - Academic Computing Services phone: +31 20 592 8012 *
* Kruislaan 415 fax: +31 20 6683167 *
* 1098 SJ Amsterdam *
* *
********************************************************************
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
