Bug 91768 - User in multiple groups not handled correctly
Summary: User in multiple groups not handled correctly
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
(Show other bugs)
Version: 9
Hardware: i386 Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2003-05-27 22:19 UTC by Kyle Bateman
Modified: 2015-01-08 00:05 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-05-30 20:58:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Kyle Bateman 2003-05-27 22:19:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021220

Description of problem:
When a user belongs to multiple groups, and ldap is used to determine user
information, only the primary group (the one in People) seems to be queried at
login time.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Setup ldap server containing People, Group directories
2.Enter a user that belongs in multiple groups (memberUid)
2.Run authconfig and set up to get auth and user info from ldap
4.Log in as the user (via ssh, xdm, etc.)
5.Execute "id user" to see all groups the user belongs to
6.Now execute "id" alone and see only the primary group


Actual Results:  When a user logs in, he is only a member of his primary group
so any other group privileges he should have are not active.  Add the group
definitions into the /etc flat files and all is well.  But try to query it only
from ldap and only the primary group is found.

Expected Results:  When a user logs in, he should be given access to all groups
he is a member of.

Additional info:

Perhaps this is a configuration problem (especially if its unique only to me). 
But the target host and the ldap server are 2 new RH9 loads so it seems like it
should work.

Comment 1 Kyle Bateman 2003-05-30 20:58:42 UTC
Must have been my mistake.

I am unable to replicate this now.  As far as I can tell, it must have had
something to do with incorrect ACL in the ldap server, but I'm not sure.

Note You need to log in before you can comment on or make changes to this bug.