From estartu@helios.ze.tum.de  Sat Sep 19 07:36:15 2009
Message-Id: <200909190705.n8J75ako084681@helios.ze.tum.de>
Date: Sat, 19 Sep 2009 09:05:36 +0200 (CEST)
From: Gerhard Schmidt <estartu@augusta.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ldap groups don't work with su 
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         138961
>Category:       bin
>Synopsis:       ldap groups don't work with su(1)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 19 07:40:04 UTC 2009
>Closed-Date:    
>Last-Modified:  Sat Sep 19 20:17:04 UTC 2009
>Originator:     Gerhard Schmidt
>Release:        FreeBSD 7.2-PRERELEASE amd64
>Organization:
Technische Universitaet Muenchen
>Environment:
System: FreeBSD helios.ze.tum.de 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Wed Mar 25 08:20:23 CET 2009 root@helios.ze.tum.de:/usr/src/sys/amd64/compile/HELIOS amd64


	
>Description:
We have an LDAP server for user management and use nss_ldap and pam_ldap
from the ports to integrate the user information into FreeBSD. Everything
works quite well except for su to root.

When I try to su to root I get su: sorry, as if I didn't have the wheel
group. id shows that I have the wheel group.

<------ Sat 19. Sep 2009 08:55:42 ------> 
/usr/home/estartu
estartu@helios:1 -> su -
su: Sorry

<------ Sat 19. Sep 2009 08:56:02 ------> 
/usr/home/estartu
estartu@helios:2 -> id
uid=1505(estartu) gid=1505(estartu) groups=1505(estartu),0(wheel),106(cvs)

It seems that the su command doesn't use the LDAP groups.

>How-To-Repeat:
Try su - with a setup where the wheel group comes from LDAP.

>Fix:
n/k
>Release-Note:
>Audit-Trail:
>Unformatted:
