Gentoo Archives: gentoo-user

From: symack <symack@×××××.com>
To: gentoo-user <gentoo-user@l.g.o>
Subject: [gentoo-user] idmapd nfs4 and ldap pleasantries :)
Date: Thu, 08 Oct 2015 16:34:36
Message-Id: CAGWRaZbxUrj95RdJA1W5eQoskWGnWLm60Yp+Bny0JS=97xJTMA@mail.gmail.com

Hello Everybody!

So decided to adopt nfs4 + rpc + ldap since most of the posts regarding
bugs I have seen range between 2012-2015, so silly me, safe to come out
right? wrong.....

Client ldap user:

# id user1
uid=1004(user1) gid=1005(user1) groups=27(sudo),1005(user1)

Server ldap user:

# id user1
uid=1004(user1) gid=1005(user1) groups=27(sudo),1005(user1)

As you can see `nslcd and nscd` are doing their job on the client side. I
can log in, mount etc.. all fine. Except the infamous `everything has
permission nobody nogroup`

A few notes:

* The `Domain` attribute is set to the same host in idmapd.conf for both
client and server
* If I set `Nobody-User = user1` `Nobody-Group = user1` everything works as
expected but this was just a test.
* If I try to adduser user1 on the client I get an error as expected...
User exists therefore, users and groups are sync'ed as per ldap and nss...

Question

Can rpc.idmap translate ldap users over nsswitch? When I try to use
`umich_ldap` as the translator idmapd does not start with `umich_ldap` does
not exist...

How can I fix this please? :)

Kind Regards,

M