Red Hat Bugzilla – Bug 91768
User in multiple groups not handled correctly
Last modified: 2015-01-07 19:05:16 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021220 Description of problem: When a user belongs to multiple groups, and ldap is used to determine user information, only the primary group (the one in People) seems to be queried at login time. Version-Release number of selected component (if applicable): nss_ldap-202-5 How reproducible: Always Steps to Reproduce: 1.Setup ldap server containing People, Group directories 2.Enter a user that belongs in multiple groups (memberUid) 2.Run authconfig and set up to get auth and user info from ldap 4.Log in as the user (via ssh, xdm, etc.) 5.Execute "id user" to see all groups the user belongs to 6.Now execute "id" alone and see only the primary group Actual Results: When a user logs in, he is only a member of his primary group so any other group privileges he should have are not active. Add the group definitions into the /etc flat files and all is well. But try to query it only from ldap and only the primary group is found. Expected Results: When a user logs in, he should be given access to all groups he is a member of. Additional info: Perhaps this is a configuration problem (especially if its unique only to me). But the target host and the ldap server are 2 new RH9 loads so it seems like it should work.
Must have been my mistake. I am unable to replicate this now. As far as I can tell, it must have had something to do with incorrect ACL in the ldap server, but I'm not sure.