lists.arthurdejong.org

Re: Fwd: map group uniqueMember sAMAccountName

On Fri, 2017-02-10 at 09:35 +0100, Patrik wrote:
> If you have time to help!
> 
> nsswitch:
> passwd:         compat ldap
> group:          compat ldap
> shadow:         compat ldap
> gshadow:        files

I personally prefer files over compat unless you do things with
netgroups. They should be equivalent in most cases and shouldn't matter
for the problem you're seeing.

> Why is it still not showing up with my group name?
> drwxr-xr-x  4 root     root  4096 Feb  8 00:14 .
> drwxr-xr-x 22 root     root  4096 Feb  9 02:46 ..
> drwxr-xr-x  7 patrikx3 10000 4096 Feb  9 21:35 patrikx3
> drwxr-xr-x  5 root     root  4096 Feb  7 04:17 samba
> 
> How can I make it be patrikx3 as the group name? Is it an error?

The patrikx3 group needs to exist in LDAP for it to show up. The
easiest way to perform a group lookup from the command line is
  getent group 10000

If you are tweaking your configuration, be sure to stop nscd because it
may cache some values. To get more useful debugging info you can run
nslcd with the -d option to see what it does exactly.

For group lookups the cn attribute should be mapped to the name of the
group, gidNumber to the numeric group id. You can use memberUid to map
to usernames that are in the group and member to user distinguished
names. For the lookup above you just need the cn and gidNumber
attributes working; the member(Uid) attributes are only needed for user
secondary groups.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
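
The lookup suggested in the reply, applied to every entry in a directory, as an added example that is not part of the original message: it collects the numeric gids that own entries under a directory and runs `getent group` for each, flagging the ones NSS cannot name. The function names and the `GROUP_LOOKUP` override are assumptions made for this example, and `find -printf` requires GNU find.

```sh
#!/bin/sh
# Added example (not from the original thread): report which numeric group IDs
# owning entries in a directory fail to resolve to a name through NSS.

# Lookup command; overridable so the logic can be exercised without LDAP.
# The default is the query from the reply: getent group <gid>.
GROUP_LOOKUP=${GROUP_LOOKUP:-getent group}

# Print the distinct numeric gids owning entries directly under $1 (GNU find).
owning_gids() {
    find "$1" -mindepth 1 -maxdepth 1 -printf '%G\n' | sort -un
}

# Read gids on stdin; print "gid<TAB>name" or "gid<TAB>UNRESOLVED".
resolve_gids() {
    while read -r gid; do
        case $gid in ''|*[!0-9]*) continue ;; esac   # skip non-numeric input
        # A group entry has the form name:passwd:gid:member,member,...
        entry=$($GROUP_LOOKUP "$gid" 2>/dev/null) || entry=
        name=${entry%%:*}            # first field: the name (cn in LDAP)
        rest=${entry#*:*:}           # drop "name:passwd:"
        found_gid=${rest%%:*}        # third field: the gid (gidNumber)
        if [ -n "$name" ] && [ "$found_gid" = "$gid" ]; then
            printf '%s\t%s\n' "$gid" "$name"
        else
            printf '%s\tUNRESOLVED\n' "$gid"
        fi
    done
}

# Usage: sh check-gids.sh /home   (the script name is a placeholder)
if [ "$#" -gt 0 ]; then
    owning_gids "$1" | resolve_gids
fi
```

Stop nscd before running it, as the reply advises, so that a cached negative answer does not mask a corrected configuration.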