[nssldap] Re: Nested groups
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] Re: Nested groups
- From: Andreas Moroder <andreas.moroder [at] sb-brixen.it>
- To: nssldap [at] padl.com
- Subject: [nssldap] Re: Nested groups
- Date: Fri, 18 Apr 2008 11:13:42 +0200
Luke Howard schrieb:
nss_ldap supports nested groups simply by having a group member being a
group itself. The group member must be a DN, so the uniqueMember or
member attribute would typically used (not memberUid).
This isn't actually specified in RFC 2307.
You also need to have rfc2307bis support enabled in nss_ldap, by putting
nss_schema rfc2307bis in ldap.conf.
-- Luke
Hello,
in slapo.conf I have added this line
nss_map_attribute uniqueMember member
and restarted the openldap server
Then I imported this object
dn: cn=atest, ou=groups, dc=sb-brixen,dc=it
gidNumber: 987
member: cn=informatik, ou=groups, dc=sb-brixen,dc=it
userPassword:: e2NyeXB0fXg=
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
description: atest
cn: atest
I restarted ncsd to
The user amoroder ( me ) is member of the group informatik ( and other
groups )
now I tried with "id amoroder"
I get as result all the groups I am mmebr of, but not the group atest(987).
What is wrong here. Are my assumptions wrong that amoroder should also
become member of the group at because "informatik" is member of atest ?
Thanks
Andreas