lists.arthurdejong.org

Re: [nssldap] nss_map_attribute gidNumber problem




On 11/02/2010 20:03, Howard Chu wrote:
> Jeffrey Watts wrote:
>> Unix groups also have a gidNumber.  What I suspect is happening is that when
>> you map gidNumber to gidNumberSYS1, the LDAP groups do not have that attribute
>> defined and thus gidNumber gets mapped by default to cn.
>>
>> I'm not sure if there's a way to add filter options to nss_map_attribute much
>> like you can with nss_base_group.  For example, it'd be nice to be able to do
>> something like:
>>
>> nss_map_attribute gidNumber gidNumberSYS1&(objectcategory=user)
>> Basically: <attribute>  <value>  <filter>
>>
>> If the functionality doesn't exist it might be a good thing to suggest for a
>> future version.
>
> Please see section 2.2.2 Attribute Option in the latest draft of RFC2307bis.
>
> http://tools.ietf.org/draft/draft-howard-rfc2307bis/draft-howard-rfc2307bis-02.txt

That looks promising. Is it actually implemented yet?

The host-<hostname> attribute option will be too restrictive if it strictly requires a real hostname. Some of our systems are HPC clusters with hundreds of hosts, but we treat them as a single 'service'.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom