I am unmarking this as a security issue. If a user is a part of a group that is listed in getent, the user is supposed to be in that group and any DAC checks should be checking for that. The fact that id shows fewer groups is not a security issue; the user should have fewer privileges than with the intended ldap groups.
Also, for a developer to help with this, please attach your pam configuration and nsswitch.conf as a start.

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: libnss-ldap (Ubuntu)
   Status: New => Incomplete

https://bugs.launchpad.net/bugs/771698

Title:
  /usr/bin/id does not show ldap groups