Problem: New groups are not visible via getent group

Problem:

New groups are not visible via getent group

Investigation:

Involved services and ucr variables:

/usr/lib/univention-pam/ldap-group-to-file.py exports the group cache to /var/lib/extrausers/group

ucr variables:

[nss/group/cachefile]
If this option is activated, all group data is exported to a cache file and included using the NSS module extrausers. This results in significant performance improvements in large environments. If the variable isn't set, the cache file is activated.

[nss/group/cachefile/invalidate_on_changes]
If this variable is activated and the group cache file has been enabled (variable: nss/group/cachefile), the cache file is automatically regenerated whenever a group is edited in the UCS management system. If this variable isn't set, the option is enabled.

[nss/group/cachefile/invalidate_interval]
If the group cache file is used (variable: nss/group/cachefile), the group data is exported to the cache file in the interval specified here. The interval is specified in Cron format, see "man 5 crontab".

[nss/group/cachefile/check_member]
If this option is activated, the group cache export verifies whether the exported group members are still present in the LDAP directory. If only the Univention Management Console is used for the management of the LDAP directory, this additional check is not necessary and can be disabled.

Solution

Check if the nscd daemon runs properly.
Bug 34787

You can also run the script /usr/lib/univention-pam/ldap-group-to-file.py manually to regenerate the group cache file.
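
To tell which of the two steps above applies to a given group, the following added example (not part of the original article or of UCS) checks whether the group is already in the exported cache file and whether NSS returns it. The function names and the three state labels are hypothetical, and reading "in the file but not returned" as an nscd/NSS problem is this example's assumption; the paths are the ones named in this article.

```shell
#!/bin/sh
# Added diagnostic sketch: find the layer at which a new group goes missing.
# Paths are those named in the article; function names are hypothetical.

CACHEFILE="${CACHEFILE:-/var/lib/extrausers/group}"
EXPORTER="/usr/lib/univention-pam/ldap-group-to-file.py"

# Return 0 if the group(5)-format file $2 has an entry whose name field
# is exactly $1 (exact match, so "dev" does not match "developers").
group_in_file() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# Classify group $1. $2 = cache file, $3 = NSS lookup command (default getent).
# Prints one of: visible | nss-stale | not-exported
diagnose_group() {
    name="$1"; file="${2:-$CACHEFILE}"; lookup="${3:-getent}"
    if "$lookup" group "$name" >/dev/null 2>&1; then
        echo visible
    elif [ -r "$file" ] && group_in_file "$name" "$file"; then
        echo nss-stale        # exported, but the NSS lookup does not return it
    else
        echo not-exported     # cache file does not contain the group yet
    fi
}

# Map the state to the matching step from the Solution section.
advise() {
    case "$(diagnose_group "$1")" in
        visible)
            echo "$1: resolvable via getent group" ;;
        nss-stale)
            echo "$1: present in $CACHEFILE but not returned by NSS;" \
                 "check that nscd runs properly" ;;
        not-exported)
            echo "$1: not in $CACHEFILE; run $EXPORTER manually and review" \
                 "nss/group/cachefile/invalidate_on_changes" ;;
    esac
}

if [ $# -gt 0 ]; then
    advise "$1"
fi
```

Run it with the group name as the only argument on the affected system.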
