Re: memberUid mappings in AD

[steve <steve [at] steve-ss.com>]

On 04/29/2012 11:42 AM, steve wrote:
> On 27/04/12 11:33, Arthur de Jong wrote:
> > On Fri, 2012-04-27 at 10:52 +0200, steve wrote:
> > > Thanks. That mapping works fine with 0.7.13 openSUSE.
> > > getent gives a (very) slight pause when it gets to the AD users/groups
> > > and only then when the lan is busy. Would we be able to remove that
> > > mapping with 0.8.4?
> >
> > Yes, with the latest 0.8 series the mapping uses member by default.
> >
> > The 0.8 series is just stabilising so it may be a bit rough around the
> > edges and hasn't been tested as thoroughly as 0.7.16.
> Hi
> Just tried 0.8.4
>
> In fact,
> map    group     uniqueMember    member
> gives an error with the new version. Can however confirm that 
> commenting out the line works perfectly.
> Cheers,
> Steve
Problem: with 0.8.4 there are _hundreds_ of calls to ldap compared to 2 
or 3 at the most with the same call (e.g. a user logging in) on 0.7.13 
Here is nslcd.conf for both versions
0.8.4 is with Ubuntu 12.04 and 0.7.13 is with openSUSE 12.1
uid nslcd
gid nslcd
uri ldap://sam4dc.polop.site
base dc=polop,dc=site
map    passwd    uid    samAccountName
map    passwd    homeDirectory    unixHomeDirectory
#map    group    uniqueMember    member
sasl_mech GSSAPI
sasl_realm POLOP.SITE
krb5_ccname /tmp/nslcd.tkt

The only way we can stop it is with nscd. Are we supposed to be running 
with nscd?
Any ideas?
Cheers,
Steve

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/