Hallo,
uid und gid entsprechen sich nur einmal, das ist in diesem Eintrag:
# nextUnixId, idmap, univention, murphy.ath.cx
dn: cn=nextUnixId,cn=idmap,cn=univention,dc=murphy,dc=ath,dc=cx
uidNumber: 55000
gidNumber: 55000
Ansonsten werden die Nummern exklusiv entweder für uid oder gid verwendet.
Ausgaben der restliche Befehle sind:
[code]root@master:~# univention-s4search cn=data
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘naclrpc_as_system’ registered
GENSEC backend ‘sasl-EXTERNAL’ registered
GENSEC backend ‘ntlmssp’ registered
GENSEC backend ‘http_basic’ registered
GENSEC backend ‘http_ntlm’ registered
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
resolve_lmhosts: Attempting lmhosts lookup for name master.murphy.ath.cx<0x20>
record 1
dn: CN=data,CN=Groups,DC=murphy,DC=ath,DC=cx
objectClass: top
objectClass: group
cn: data
instanceType: 4
whenCreated: 20150428044952.0Z
uSNCreated: 3966
name: data
objectGUID: c64fbfe2-1bfc-4656-b78c-595c974405bf
objectSid: S-1-5-21-2066997046-992583067-1952614592-1123
sAMAccountName: data
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=murphy,DC=ath,DC=cx
description: Read access to data (soft,vid,mp3)
memberOf: CN=software,CN=Groups,DC=murphy,DC=ath,DC=cx
member: CN=martina,CN=Users,DC=murphy,DC=ath,DC=cx
member: CN=Guest,CN=Users,DC=murphy,DC=ath,DC=cx
member: CN=x,CN=Users,DC=murphy,DC=ath,DC=cx
member: CN=vdr,CN=Groups,DC=murphy,DC=ath,DC=cx
member: CN=Guests,CN=Builtin,DC=murphy,DC=ath,DC=cx
member: CN=dl,CN=Users,DC=murphy,DC=ath,DC=cx
member: CN=solemn2,CN=Users,DC=murphy,DC=ath,DC=cx
whenChanged: 20150622144215.0Z
uSNChanged: 4133
distinguishedName: CN=data,CN=Groups,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/CN=Configuration,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/DC=DomainDnsZones,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/DC=ForestDnsZones,DC=murphy,DC=ath,DC=cx
returned 4 records
1 entries
3 referrals[/code]
Da fällt mir auf, dass solemn als member fehlt. Über die Webgui ist der User allerdings drin.
[code]root@master:~# univention-ldapsearch cn=data|more
extended LDIF
LDAPv3
base <dc=murphy,dc=ath,dc=cx> (default) with scope subtree
filter: cn=data
requesting: ALL
data, groups, murphy.ath.cx
dn: cn=data,cn=groups,dc=murphy,dc=ath,dc=cx
sambaGroupType: 2
cn: data
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
gidNumber: 5073
univentionGroupType: -2147483646
sambaSID: S-1-5-21-2066997046-992583067-1952614592-1123
uniqueMember: uid=solemn,cn=users,dc=murphy,dc=ath,dc=cx
uniqueMember: uid=martina,cn=users,dc=murphy,dc=ath,dc=cx
uniqueMember: cn=Guests,cn=Builtin,dc=murphy,dc=ath,dc=cx
uniqueMember: cn=Authenticated Users,cn=Builtin,dc=murphy,dc=ath,dc=cx
uniqueMember: uid=Guest,cn=users,dc=murphy,dc=ath,dc=cx
uniqueMember: cn=vdr,cn=groups,dc=murphy,dc=ath,dc=cx
uniqueMember: uid=x,cn=users,dc=murphy,dc=ath,dc=cx
uniqueMember: uid=dl,cn=users,dc=murphy,dc=ath,dc=cx
uniqueMember: uid=solemn2,cn=users,dc=murphy,dc=ath,dc=cx
memberUid: solemn
memberUid: martina
memberUid: Guest
memberUid: x
memberUid: dl
memberUid: solemn2
description: Read access to data (soft,vid,mp3)
search result
search: 3
result: 0 Success
numResponses: 2
numEntries: 1
[/code]
da ist solemn dann wieder drin
[code]root@master:~# univention-s4search cn=solemn
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘naclrpc_as_system’ registered
GENSEC backend ‘sasl-EXTERNAL’ registered
GENSEC backend ‘ntlmssp’ registered
GENSEC backend ‘http_basic’ registered
GENSEC backend ‘http_ntlm’ registered
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
resolve_lmhosts: Attempting lmhosts lookup for name master.murphy.ath.cx<0x20>
record 1
dn: CN=solemn,CN=Users,DC=murphy,DC=ath,DC=cx
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: solemn
sn: xxx
givenName: xxx
instanceType: 4
whenCreated: 20150428064031.0Z
displayName: xxx xxx
uSNCreated: 3997
name: solemn
objectGUID: 0453b1ac-dec8-4153-a0a9-2b3a430636a1
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
objectSid: S-1-5-21-2066997046-992583067-1952614592-1133
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: solemn
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=murphy,DC=ath,DC=cx
userAccountControl: 512
userPrincipalName: solemn@MURPHY.ATH.CX
pwdLastSet: 130746768280000000
memberOf: CN=home,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=media,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=Administrators,CN=Builtin,DC=murphy,DC=ath,DC=cx
memberOf: CN=Domain Admins,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=software,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=vdr,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=Domain Users,CN=Groups,DC=murphy,DC=ath,DC=cx
memberOf: CN=download,CN=Groups,DC=murphy,DC=ath,DC=cx
primaryGroupID: 1123
whenChanged: 20150502171814.0Z
uSNChanged: 4091
distinguishedName: CN=solemn,CN=Users,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/CN=Configuration,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/DC=DomainDnsZones,DC=murphy,DC=ath,DC=cx
Referral
ref: ldap://murphy.ath.cx/DC=ForestDnsZones,DC=murphy,DC=ath,DC=cx
returned 4 records
1 entries
3 referrals
[/code]
Hier würde ich wiederrum sagen fehlt “memberOf: data”
[code]root@master:~# univention-ldapsearch cn=solemn
extended LDIF
LDAPv3
base <dc=murphy,dc=ath,dc=cx> (default) with scope subtree
filter: cn=solemn
requesting: ALL
search result
search: 3
result: 0 Success
numResponses: 1
[/code]
und das ist sehr dürftig…
Solemn