Re: Mapping attributes in nslcd.conf

[David Tomaschik <dtomasch [at] kennesaw.edu>]

In my configuration, we don't have a gid value for users either.  The
string representation of their group is obtained by the system looking
up the gid (either in /etc/group or via LDAP, if you're using LDAP for
groups).  Try using "getent group <gidNumber>" to see if your host is
properly looking up groups via LDAP.

David


On 09/08/2010 06:54 PM, Greg Newton wrote:
> Hi -
>
> I'm trying use the map functionality in nslcd.conf to create local
> attributes.
>
> I have one map working:
> map passwd homeDirectory "/home/ldap/$uid"
> which successfully reads the homeDirectory attribute from ldap
> (something like /home3/19/username) and changes it to a useful local
> path.
>
> The other map I want to set up needs to be something like:
> map group gid "$uid"
> which doesn't work - nor do any of the variations on that theme.
>
> My setup
> LDAP server: SunLDAP (not under my control)
> Client machines: Ubuntu 10.04, nslcd and associated pkgs. - v0.7.2
>
> The ldap server does not currently have the gid attribute populated,
> so when an ldap-authenticated user logs in to a client machine they
> end up with a home group (gid) set to their gidNumber rather than a
> string.
>
> I believe that I am unable to change the gid because gid isn't
> populated on the ldap server. The suggestion is that I can build a
> local attribute even if it's missing:
>
> <quote>"${homeDirectory:-/home/$uid}"
> use the uid attribute to build a homeDirectory value if that attribute
> is missing</quote>
>
> Ultimately my question is:
> Can I map a local gid to an ldap uid when the ldap gid can't be read?
>
> Can anyone point me to the answer?
>
> Thanks,
> Greg
> -- 

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users