lists.arthurdejong.org
RSS feed

Re: group filter in nslcd.conf

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: group filter in nslcd.conf



On Tue, 10 Dec 2013, Nicolas Soriano wrote:
This are the modifications I’ve added to nslcd.conf, the filters and search bases are perfectly working with a « ldapsearch ». With nslcd, only users are working and i don’t get any group.

# The distinguished name of the search base.
base dc=univ-rennes1,dc=fr
# Customize certain database lookups.
base    passwd  ou=people,dc=univ-rennes1,dc=fr
filter  passwd  (departmentNumber=R436*)

I would personally limit this a bit further, perhaps add uid=*.

base    group   ou=grouper,dc=univ-rennes1,dc=fr
filter  group   (&(objectClass=GroupOfNames)(cn=ur1:div:rec:lab:r436:*))
map group uniqueMember member

The above looks reasonable. Do you know which version of nslcd is running? Also, if you can start nslcd with the -d option to get debugging information, that could provide useful information.

Some classes of errors are also logged to normal syslog, so you could check there.

If you have access to the LDAP server you could try to get debug logs there to see if there is any difference between nslcd and ldapsearch queries.

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/