Hi I have been more test with the same result. I can confirm, that with the same configuration in the client, if the server is upgraded, the error is thrown. I have opened a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=596058 Regards. 2010/5/4 Rich Megginson <[email protected]> > Juan Asensio Sánchez wrote: > > > > > > 2010/5/3 Rich Megginson <[email protected] <mailto:[email protected] > >> > > > > Juan Asensio Sánchez wrote: > > > Hi > > > > > > 2010/5/3 Rich Megginson <[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>> > > > > > > > We are having trouble since we have updated from version > > 1.1.3 to > > > > 1.2.2 and 1.2.5. We have integrated CentOS/Redhat clients > > into LDAP. > > > > When we try to make "getent group", we only get one group > > and its > > > > members, but no the rest of the groups (should be more > > than 1000 > > > groups). > > > What platform? 32-bit or 64-bit? > > > How many groups? Do you only get this error when you > > attempt a search > > > to return this many groups? > > > > > > > > > "getent group" should return the local groups (that are show > > fine) and > > > about 729 LDAP groups. > > How many groups total? Roughly how many members? I'm trying to get > > some idea about how many entries and how many bytes should be > > returned. > > > If I do the same search with the command ldapsearch, > > ldapsearch to ldaps://hostname:636/ or ldap://hostname:389/ ? > > > > > > I run these queries: > > > > Total groups: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,XXXXXXX=es" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E "^dn:" | wc -l > > 729 > > > > Total members: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E -i > > "^uniquemember:" | wc -l > > 23348 > > > > Total unique members: > > # ldapsearch -H ldaps://XXXXXXX -x -LLL -b > > "ou=Groups,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX" -D "cn=Application > > Manager,cn=config" -w XXXXXXX "(&(objectClass=posixGroup))" cn > > userPassword memberUid uniqueMember gidNumber | grep -E -i > > "^uniquemember:" | sort | uniq | wc -l > > 9365 > So it appears that using ldapsearch with ldaps returns the correct > information, it's just that getent does not? both ldapsearch and getent > go through the same ldap + openssl libraries, both bind as "application > manager", it's mostly the same code path, so I'm not sure why getent > would behave differently. I'm assuming you don't see the same incorrect > Message Authentication Code error when you use ldapsearch. > > Please file a bug - https://bugzilla.redhat.com/enter_bug.cgi?product=389 > > ------------------------------------------------------------------------ > > > > -- > > 389 users mailing list > > [email protected] > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
