I have been banging my head trying to get a working LDAP client up and
running on Solaris 9. I have tried compiling OpenLDAP with nss_ldap &
pam_ldap from padl.com, as well as trying to get the included
ldapclient manual config to work. With both setups I am able to get
logins to work, and even group lookups by GID or group name; however,
I am unable to get a list of groups a member belongs to (i.e. 'id -a'
does not return the correct list of groups). It all works fine on
linux with OpenLDAP and the same config.
In an attempt to debug this problem, we have traced the searches that
the clients are issuing to our LDAP server. OpenLDAP on Linux tries a
search like so:
"(&(objectclass=posixGroup)(|(memberUid=username)(member=cn=username,ou=organizationalgroup,o=org)))
This works fine, on Solaris (with either OpenLDAP or the built-in
client) we get:
"(&(objectclass=posixGroup)(memberUid=userid))"
Looking at our schema, it makes sense why this doesn't work. Is there
any way to make solaris search like Linux? I know the
(member=cn=username,ou=organizationalgroup,o=org) search is the
correct one for or setup.
Thanks!
-Nick