nss_ldap seems to not work

Anthony Pankov ap00 at mail.ru
Tue Nov 8 08:01:05 UTC 2016 

Greetings.

nss_ldap seems to not work correctly at least at FreeBSD 10.3.

Two  configurations
1. FreeBSD 9.2
2. FreeBSD 10.3
sharing  nss_ldap  settings  and  using  the  same  LDAP  tree (DIT) produce
different results.

At    FreeBSD   10.3   nss_ldap  can't  enumerate  supplementary  user
groups.

Example:
FreeBSD 9.2:
                # id user1
                 ... groups=basegroup,gr1,gr2,gr3
FreeBSD 10.3:
                # id user1
                 ... groups=basegroup

The  effect is inadequate result of initgroups() calling which lead to
various side effects with permissions.

P.S.  Interesting  fact.  At  FreeBSD  10.3 pw utility produce correct
result:
        #pw usershow user1
        ... groups=basegroup,gr1,gr2,gr3

-- 
Best regards,
 Anthony                          mailto:ap00 at mail.ru

More information about the freebsd-hackers mailing list