RSS feed

Re: memberUid mappings in AD

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: memberUid mappings in AD

On 04/29/2012 11:42 AM, steve wrote:
On 27/04/12 11:33, Arthur de Jong wrote:
On Fri, 2012-04-27 at 10:52 +0200, steve wrote:
Thanks. That mapping works fine with 0.7.13 openSUSE.
getent gives a (very) slight pause when it gets to the AD users/groups
and only then when the lan is busy. Would we be able to remove that
mapping with 0.8.4?

Yes, with the latest 0.8 series the mapping uses member by default.

The 0.8 series is just stabilising so it may be a bit rough around the
edges and hasn't been tested as thoroughly as 0.7.16.

Just tried 0.8.4

In fact,
map    group     uniqueMember    member
gives an error with the new version. Can however confirm that commenting out the line works perfectly.
Problem: with 0.8.4 there are _hundreds_ of calls to ldap compared to 2 or 3 at the most with the same call (e.g. a user logging in) on 0.7.13 Here is nslcd.conf for both versions
0.8.4 is with Ubuntu 12.04 and 0.7.13 is with openSUSE 12.1
uid nslcd
gid nslcd
uri ldap://
base dc=polop,dc=site
map    passwd    uid    samAccountName
map    passwd    homeDirectory    unixHomeDirectory
#map    group    uniqueMember    member
sasl_mech GSSAPI
sasl_realm POLOP.SITE
krb5_ccname /tmp/nslcd.tkt

The only way we can stop it is with nscd. Are we supposed to be running with nscd?
Any ideas?

To unsubscribe send an email to or see