Re: How to map Active directory group members to linux equivalent
- From: steve <steve [at] steve-ss.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: How to map Active directory group members to linux equivalent
- Date: Sun, 19 Jan 2014 14:07:02 +0100
On Sun, 2014-01-19 at 12:18 +0000, Damien Dye wrote:
> Hi all
>
>
> wonder if you can help me; I am having a few issues trying to get group
> memberships to be driven from the standard active directory attribute
> called member but I can only seem to get it to work with memberUid
> which is not the same listing as group members as displayed in AD.
>
>
> when I map attribute member the daemon fails to start.
>
> # Mappings for Active Directory
> pagesize 1000
> #referrals off
>
> filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
>
> map passwd uid sAMAccountName
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
>
> filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
> map shadow uid sAMAccountName
> map shadow shadowLastChange pwdLastSet
>
> filter group (objectClass=group)
> #map group uniqueMember member this field caused daemon to fail to start
>
> uid nslcd
> gid ldap
>
>
> scope sub
>
> ssl no
> tls_cacertdir /etc/openldap/cacerts
>
>
>
> thanks for any help in advance
Hi
It depends which version you are using. As of 0.8.10 it looks into the
DN for the member attribute(s) for group membership(s). If you have a
recent version then your group config is correct with the line commented
as you have it. id should list all the groups to which a domain user
belongs.
(Maybe turn off tls too.)
HTH
Steve
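
Added example, not part of the original messages and not nslcd's own code: a simplified Python model of turning the DN-valued `member` attribute into login names, showing why the resulting list can differ from the members displayed in AD. It assumes each member DN is checked against the passwd filter and `uid` mapping from the posted config; the directory entries and the helper names (`dn_to_uid`, `group_members`, `unresolved_members`) are constructed for illustration.

```python
# Simplified model of resolving DN-valued group members to login names.
# All entries are constructed sample data, not taken from the thread.
DIRECTORY = {
    "cn=alice smith,cn=users,dc=example,dc=com": {
        "objectClass": ["user"], "sAMAccountName": ["alice"],
        "uidNumber": ["10001"], "unixHomeDirectory": ["/home/alice"]},
    "cn=bob jones,cn=users,dc=example,dc=com": {   # no POSIX attributes
        "objectClass": ["user"], "sAMAccountName": ["bob"]},
    "cn=ws01,cn=computers,dc=example,dc=com": {    # machine account
        "objectClass": ["user", "computer"], "sAMAccountName": ["WS01$"],
        "uidNumber": ["10050"], "unixHomeDirectory": ["/nonexistent"]},
    "cn=admins,cn=users,dc=example,dc=com": {
        "objectClass": ["group"], "cn": ["admins"],
        "member": ["CN=Alice Smith,CN=Users,DC=example,DC=com",
                   "CN=Bob Jones,CN=Users,DC=example,DC=com",
                   "CN=WS01,CN=Computers,DC=example,DC=com",
                   "CN=Gone,CN=Users,DC=example,DC=com"],  # dangling DN
        "memberUid": ["carol"]},
}

def passes_passwd_filter(entry):
    """The passwd filter from the posted config:
    (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))"""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    return ("user" in classes and "computer" not in classes
            and bool(entry.get("uidNumber")) and bool(entry.get("unixHomeDirectory")))

def dn_to_uid(dn):
    """Return the login name for a member DN, or None if it is not a passwd entry."""
    entry = DIRECTORY.get(dn.lower())  # simplification: DN match by lowercasing only
    if entry is None or not passes_passwd_filter(entry):
        return None
    return entry["sAMAccountName"][0]  # map passwd uid sAMAccountName

def group_members(group_dn):
    """Login names for a group: memberUid values plus resolved member DNs."""
    group = DIRECTORY[group_dn.lower()]
    names = list(group.get("memberUid", []))
    for dn in group.get("member", []):
        uid = dn_to_uid(dn)
        if uid is not None and uid not in names:
            names.append(uid)
    return names

def unresolved_members(group_dn):
    """Member DNs that AD lists but that yield no Linux user."""
    group = DIRECTORY[group_dn.lower()]
    return [dn for dn in group.get("member", []) if dn_to_uid(dn) is None]

if __name__ == "__main__":
    g = "CN=Admins,CN=Users,DC=example,DC=com"
    print(group_members(g), unresolved_members(g))
```

Comparing the unresolved list with the output of `id` for a domain user helps confirm that Linux-side group-based access matches what the AD group is expected to grant.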