Bug 91768 - User in multiple groups not handled correctly
User in multiple groups not handled correctly
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
9
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-05-27 18:19 EDT by Kyle Bateman
Modified: 2015-01-07 19:05 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-05-30 16:58:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kyle Bateman 2003-05-27 18:19:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021220

Description of problem:
When a user belongs to multiple groups, and ldap is used to determine user
information, only the primary group (the one in People) seems to be queried at
login time.

Version-Release number of selected component (if applicable):
nss_ldap-202-5

How reproducible:
Always

Steps to Reproduce:
1.Setup ldap server containing People, Group directories
2.Enter a user that belongs in multiple groups (memberUid)
2.Run authconfig and set up to get auth and user info from ldap
4.Log in as the user (via ssh, xdm, etc.)
5.Execute "id user" to see all groups the user belongs to
6.Now execute "id" alone and see only the primary group

    

Actual Results:  When a user logs in, he is only a member of his primary group
so any other group privileges he should have are not active.  Add the group
definitions into the /etc flat files and all is well.  But try to query it only
from ldap and only the primary group is found.


Expected Results:  When a user logs in, he should be given access to all groups
he is a member of.


Additional info:

Perhaps this is a configuration problem (especially if its unique only to me). 
But the target host and the ldap server are 2 new RH9 loads so it seems like it
should work.
Comment 1 Kyle Bateman 2003-05-30 16:58:42 EDT
Must have been my mistake.

I am unable to replicate this now.  As far as I can tell, it must have had
something to do with incorrect ACL in the ldap server, but I'm not sure.



Note You need to log in before you can comment on or make changes to this bug.