RSS feed

Re: Mapping attributes in nslcd.conf

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Mapping attributes in nslcd.conf

In my configuration, we don't have a gid value for users either.  The
string representation of their group is obtained by the system looking
up the gid (either in /etc/group or via LDAP, if you're using LDAP for
groups).  Try using "getent group <gidNumber>" to see if your host is
properly looking up groups via LDAP.


On 09/08/2010 06:54 PM, Greg Newton wrote:
> Hi -
> I'm trying use the map functionality in nslcd.conf to create local
> attributes.
> I have one map working:
> map passwd homeDirectory "/home/ldap/$uid"
> which successfully reads the homeDirectory attribute from ldap
> (something like /home3/19/username) and changes it to a useful local
> path.
> The other map I want to set up needs to be something like:
> map group gid "$uid"
> which doesn't work - nor do any of the variations on that theme.
> My setup
> LDAP server: SunLDAP (not under my control)
> Client machines: Ubuntu 10.04, nslcd and associated pkgs. - v0.7.2
> The ldap server does not currently have the gid attribute populated,
> so when an ldap-authenticated user logs in to a client machine they
> end up with a home group (gid) set to their gidNumber rather than a
> string.
> I believe that I am unable to change the gid because gid isn't
> populated on the ldap server. The suggestion is that I can build a
> local attribute even if it's missing:
> <quote>"${homeDirectory:-/home/$uid}"
> use the uid attribute to build a homeDirectory value if that attribute
> is missing</quote>
> Ultimately my question is:
> Can I map a local gid to an ldap uid when the ldap gid can't be read?
> Can anyone point me to the answer?
> Thanks,
> Greg
> -- 

To unsubscribe send an email to or see