[SUMMARY] LDAP groups with many members + Sol 10 LDAP client

From: Anderson, Ryan C \(US SSA\) <Ryan.Anderson_at_baesystems.com>
Date: Wed Oct 01 2008 - 13:27:11 EDT
The final answer is that you must patch upgrade Solaris 10 to see all
members of large LDAP groups. I did find out the specific patch that
fixes the behavior is the kernel patch. Solaris 10 SPARC kernel patch
120011-17 or above is supposed to fix this. BEWARE: I also found that
the newest kernel patch (127127-11) makes printing from LDAP clients all
but impossible, see:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-241426-1

RCA
--
UNIX Administrator, BAE Systems EIT
desk 763-572-6684  mobile 612-419-9362

-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org
[mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Anderson, Ryan
C (US SSA)
Sent: Tuesday, September 30, 2008 3:05 PM
To: sunmanagers@sunmanagers.org
Subject: LDAP groups with many members + Sol 10 LDAP client

I've found that (like NIS) a Solaris 10 update 4 LDAP client can't see
groups after they reach too many members. I found out today a Solaris 10
update 5 client can see the groups fine, but all my systems are update
4. The only workaround I've found is to create multiple groups with the
same gidNumber and chunk up the members between them.

Is there a setting in Solaris to see the groups properly? Any idea on
what Sol 10 patch number might fix the behavior?

On Sol 10 u4 & u5, I can do: ldaplist -l group verybiggroup
But on u4, every other OS utility can't see the group, ie 'getent group
verybiggroup', 'groups <member of verybiggroup>'.

RCA
--
UNIX Administrator, BAE Systems EIT
desk 763-572-6684  mobile 612-419-9362
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed Oct 1 13:30:10 2008

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:12 EST