With several machines configured to use OpenLDAP for user and group authentication/permissions, I was having the problem that the getent and id commands were not returning all the group information. My groups exist in the LDAP directory with members listed under ‘memberuid’, but when entering:

    id testuser

I was getting:

    uid=15052(testuser) gid=10000(testgroup) groups=10000(testgroup)

when I…
Posts Tagged: openldap
Restricting SSH Logins to LDAP Group
There are multiple methods of doing this, including using PAM, but I settled for the following. In the /etc/ssh/sshd_config file I currently have:

    AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
    AuthorizedKeysCommandRunAs nobody

to check for SSH keys for the user logging in, and I also have password authentication disallowed. The content of the file /usr/libexec/openssh/ssh-ldap-wrapper was simply:

    exec /usr/libexec/openssh/ssh-ldap-helper -s…