Re: PAM doesn't retrieve secondary group when it is an aliased object
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: PAM doesn't retrieve secondary group when it is an aliased object
- Date: Wed, 13 Jul 2011 21:26:30 +0200
On Wed, 2011-07-13 at 13:46 +0200, postmaster@home108.com wrote:
> Under Debian Squeeze, I need to use Samba/PAM/LDAP authentication and
> group mapping through dyngroups using:
> slapd : 2.4.23-7.2
> nslcd : 0.7.13
> libpam-ldapd : 0.7.13
> libnss-ldapd : 0.7.13
>
> I added the rfc2307bis schema because I want to obtain a groupOfURLs as
> structural objectclass and a posixGroup as auxiliary objectclass with a
> gidNumber as attribute !
Note that nss-pam-ldapd doesn't support the memberurl attribute
(pointing to an LDAP URL) but it does support the member attribute
(pointing to a DN). Also, the memberof attribute isn't currently
supported and neither are nested groups.
> Everything seems to be OK, like:
>
> $ getent group
> ...
> peri:*:521:
> scol:*:524:
Note that the groups are missing members. By default nss-pam-ldapd uses
the uniqueMember attribute and not the member attribute. If you put
    map group uniqueMember member
in nslcd.conf it should work better.
Hope this helps.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
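
The check below is an added example, not part of the original message or of nss-pam-ldapd: it reads an nslcd.conf and an LDIF export and reports which posixGroup entries getent would show without members, for the two reasons given in the reply (member vs. uniqueMember, and groups that only carry memberURL). The LDIF entries, the base DN and the function names are constructed for illustration; the uniqueMember default is the one stated above for 0.7.13.

```python
# Added example, not nss-pam-ldapd code; memberUid values are not checked.
DEFAULT_MEMBER_ATTR = "uniquemember"  # default per the reply above (0.7.13)
# Constructed sample entries; the base DN and the user alice are made up.
SAMPLE_LDIF = """\
dn: cn=peri,ou=groups,dc=example,dc=org
objectClass: groupOfURLs
objectClass: posixGroup
cn: peri
memberURL: ldap:///ou=people,dc=example,dc=org??sub?(objectClass=posixAccount)

dn: cn=scol,ou=groups,dc=example,dc=org
objectClass: groupOfNames
objectClass: posixGroup
cn: scol
member: uid=alice,ou=people,dc=example,dc=org
"""

def member_attr(nslcd_conf):
    """Attribute nslcd reads for group members (map MAP ATTRIBUTE NEWATTRIBUTE)."""
    attr = DEFAULT_MEMBER_ATTR
    for words in (line.split() for line in nslcd_conf.splitlines()):
        if len(words) == 4 and [w.lower() for w in words[:3]] == ["map", "group", "uniquemember"]:
            attr = words[3].lower()
    return attr

def parse_ldif(text):
    """Parse plain (unfolded, non-base64) LDIF into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for name, value in (l.split(":", 1) for l in block.splitlines() if ":" in l):
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_groups(nslcd_conf, ldif):
    """Map each posixGroup cn to 'ok' or the reason getent shows it empty."""
    attr, report = member_attr(nslcd_conf), {}
    other = "member" if attr == "uniquemember" else "uniquemember"
    for e in parse_ldif(ldif):
        if "posixgroup" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        if e.get(attr):
            report[e["cn"][0]] = "ok"
        elif e.get(other):
            report[e["cn"][0]] = f"empty: members are in {other}, nslcd reads {attr}"
        else:
            report[e["cn"][0]] = "empty: " + ("memberURL is not supported" if "memberurl" in e else "no members")
    return report
```

Groups that resolve empty matter wherever access decisions depend on group membership, so running such a check after schema or mapping changes catches silent losses of membership.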