lists.arthurdejong.org

AD group membership second method

nss-pam-ldapd-users@lists.arthurdejong.org

Can someone give me the magic group filters and mappings in nslcd.conf
so we can use regular AD group members instead of having to populate
AD groups with memberUid? That is, we would like to use the second
method as noted below from the README. I understand there may be a
performance hit. Thanks.

using Microsoft Active Directory
--------------------------------

When using Microsoft Active Directory server some changes need to be made to
the nslcd.conf configuration file. The included sample configuration file has
some commented out attribute mappings for such a set-up.

group membership
----------------

Currently, two ways of specifying group membership are supported. The first,
by using the memberUid attribute, is the simplest and by far the fastest
(takes the least number of lookups). The attribute values are user names (same
as the uid attribute for posixAccount entries) and are returned without
further processing.

The second method is to use DN values in the member attribute (attribute names
can be changed by using the attribute mapping options as described in the
manual page). This is potentially a lot slower because in the worst case every
DN has to be looked


-- 
John W. Sopko Jr.
University of North Carolina
Computer Science Dept CB 3175
Chapel Hill, NC 27599-3175

Fred Brooks Building; Room 140
Computer Services Systems Specialist
email: sopko AT cs.unc.edu
phone: 919-590-6144
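
The two membership methods from the README excerpt above, as an added sketch (not code from nss-pam-ldapd or from the original post): it counts the directory lookups each method needs against a constructed in-memory directory. The `Resolver` class, the sample DNs, the use of `sAMAccountName` as the user name, the rule that drops computer accounts and dangling DNs, and the DN cache are all assumptions of the example.

```python
# Added illustration; all names and data below are constructed for this sketch.
BASE = "DC=example,DC=test"
DIRECTORY = {  # DN -> attributes of a constructed, in-memory "directory"
    f"CN=Alice,OU=Staff,{BASE}": {"objectClass": {"user"}, "sAMAccountName": "alice"},
    f"CN=Bob,OU=Staff,{BASE}": {"objectClass": {"user"}, "sAMAccountName": "bob"},
    f"CN=PC1,OU=Hosts,{BASE}": {"objectClass": {"user", "computer"}, "sAMAccountName": "pc1$"},
}
GROUPS = {
    # Method 1: memberUid holds user names directly.
    "posixgrp": {"memberUid": ["alice", "bob"]},
    # Method 2: member holds DNs; one points at a computer, one at nothing.
    "adgrp": {"member": [f"CN=Alice,OU=Staff,{BASE}", f"CN=Bob,OU=Staff,{BASE}",
                         f"CN=PC1,OU=Hosts,{BASE}", f"CN=Gone,OU=Staff,{BASE}"]},
    "adgrp2": {"member": [f"CN=Alice,OU=Staff,{BASE}"]},
}


class Resolver:
    """Turns a group entry into user names and counts simulated searches."""

    def __init__(self, directory):
        self.directory = directory
        self.lookups = 0  # one per DN that had to be fetched
        self.cache = {}   # DN -> user name, or None if not a usable account

    def dn_to_uid(self, dn):
        if dn not in self.cache:
            self.lookups += 1
            entry = self.directory.get(dn)
            classes = entry["objectClass"] if entry else set()
            usable = "user" in classes and "computer" not in classes
            self.cache[dn] = entry["sAMAccountName"] if usable else None
        return self.cache[dn]

    def members(self, group):
        names = list(group.get("memberUid", []))  # returned as-is, no lookups
        for dn in group.get("member", []):
            uid = self.dn_to_uid(dn)
            if uid is not None and uid not in names:
                names.append(uid)
        return names


if __name__ == "__main__":
    r = Resolver(DIRECTORY)
    for name, entry in GROUPS.items():
        print(name, r.members(entry), "lookups so far:", r.lookups)
```
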