RSS feed

Filtering to only examine valid entries

[Date Prev][Date Next] [Thread Prev][Thread Next]

Filtering to only examine valid entries


Let me apologize beforehand for the lack of thorough understanding of LDAP here.

We are authenticating using nslcd against Active Directory.  It is a relatively 
flat forest.

Only some users and groups have uidNumber and gidNumber attributes.

For the groups, we follow a naming convention as to which groups are assigned 
gidNumber attributes .  For user names, there is not such a convention.

As of now, we get a lot of log entries of the type:
group entry CN=<Group Name>,CN=Users,DC=<domain>,DC=corp does not contain 
gidNumber value

How can I filter in nslcd such that:
 - It only examines groups that either
     a. Match a regex or pattern for the naming convention, or
     b. the LDAP query is such that only groups with gidNumber attributes are 
 - It only only examines user entries that are assigned uidNumber attributes?

I would guess I need to use the "filter MAP FILTER" directive in nslcd.conf, 
but I'm not sure how to properly use it here.

Presumably I'd have one "filter group ..." directive and one "filter passwd 
..." directive, but I'm unclear on the syntax for the FILTER part.

Thanks for any help.

To unsubscribe send an email to or see