lists.arthurdejong.org

Filtering to only examine valid entries


Hello.

Let me apologize beforehand for the lack of thorough understanding of LDAP here.

We are authenticating using nslcd against Active Directory.  It is a relatively 
flat forest.

Only some users and groups have uidNumber and gidNumber attributes.

For the groups, we follow a naming convention as to which groups are assigned 
gidNumber attributes.  For user names, there is no such convention.


As of now, we get a lot of log entries of the type:
group entry CN=<Group Name>,CN=Users,DC=<domain>,DC=corp does not contain gidNumber value


How can I filter in nslcd such that:
 - It only examines groups that either
     a. Match a regex or pattern for the naming convention, or
     b. the LDAP query is such that only groups with gidNumber attributes are
        requested?
 - It only examines user entries that are assigned uidNumber attributes?

I would guess I need to use the "filter MAP FILTER" directive in nslcd.conf, 
but I'm not sure how to properly use it here.

Presumably I'd have one "filter group ..." directive and one "filter passwd 
..." directive, but I'm unclear on the syntax for the FILTER part.

Thanks for any help.

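
The filtering asked about above, written out as an nslcd.conf fragment. This is an added example, not part of the original message or the project's own configuration; it assumes a stock Active Directory schema, and the `unix-` group name prefix is a hypothetical naming convention. LDAP filters have no regex support, so a naming convention can only be matched with `*` substring wildcards.

```conf
# nslcd.conf fragment (added example; "assumed" values are not from the post)

# Built-in defaults, shown for comparison. Against AD these are usually
# replaced by objectClass=user / objectClass=group. A bare objectClass=group
# filter returns every group, and nslcd logs "does not contain gidNumber
# value" for each returned group that lacks the attribute.
#filter passwd (objectClass=posixAccount)
#filter group  (objectClass=posixGroup)

# Users: only AD user objects that carry a uidNumber. Computer accounts
# also have objectClass=user, so they are excluded explicitly.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*))

# Groups, option b: only groups that carry a gidNumber.
filter group (&(objectClass=group)(gidNumber=*))

# Groups, option a: match the naming convention by substring.
# "unix-" is an assumed prefix. Keeping (gidNumber=*) inside the AND means
# a correctly named group that was never given a gidNumber is skipped by
# the server instead of being returned and logged.
#filter group (&(objectClass=group)(cn=unix-*)(gidNumber=*))
```

Because the presence test `(attribute=*)` is evaluated by the directory server, entries without the attribute are never returned to nslcd, which is what stops the log messages.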