nss_ldap seems to not work
Anthony Pankov
ap00 at mail.ru
Tue Nov 8 08:01:05 UTC 2016
Greetings.
nss_ldap seems to not work correctly at least at FreeBSD 10.3.
Two configurations
1. FreeBSD 9.2
2. FreeBSD 10.3
sharing nss_ldap settings and using the same LDAP tree (DIT) produce
different results.
At FreeBSD 10.3 nss_ldap can't enumerate supplementary user
groups.
Example:
FreeBSD 9.2:
# id user1
... groups=basegroup,gr1,gr2,gr3
FreeBSD 10.3:
# id user1
... groups=basegroup
The effect is inadequate result of initgroups() calling which lead to
various side effects with permissions.
P.S. Interesting fact. At FreeBSD 10.3 pw utility produce correct
result:
#pw usershow user1
... groups=basegroup,gr1,gr2,gr3
--
Best regards,
Anthony mailto:ap00 at mail.ru
More information about the freebsd-hackers
mailing list