Bug 91768
| Summary: | User in multiple groups not handled correctly | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Kyle Bateman <kyle> |
| Component: | nss_ldap | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED NOTABUG | QA Contact: | Jay Turner <jturner> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9 | CC: | srevivo |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-05-30 20:58:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Must have been my mistake. I am unable to replicate this now. As far as I can tell, it must have had something to do with incorrect ACL in the ldap server, but I'm not sure. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021220 Description of problem: When a user belongs to multiple groups, and ldap is used to determine user information, only the primary group (the one in People) seems to be queried at login time. Version-Release number of selected component (if applicable): nss_ldap-202-5 How reproducible: Always Steps to Reproduce: 1.Setup ldap server containing People, Group directories 2.Enter a user that belongs in multiple groups (memberUid) 2.Run authconfig and set up to get auth and user info from ldap 4.Log in as the user (via ssh, xdm, etc.) 5.Execute "id user" to see all groups the user belongs to 6.Now execute "id" alone and see only the primary group Actual Results: When a user logs in, he is only a member of his primary group so any other group privileges he should have are not active. Add the group definitions into the /etc flat files and all is well. But try to query it only from ldap and only the primary group is found. Expected Results: When a user logs in, he should be given access to all groups he is a member of. Additional info: Perhaps this is a configuration problem (especially if its unique only to me). But the target host and the ldap server are 2 new RH9 loads so it seems like it should work.