
[nssldap] Re: Nested groups




Luke Howard wrote:
nss_ldap supports nested groups simply by having a group member being a group itself. The group member must be a DN, so the uniqueMember or member attribute would typically be used (not memberUid).

This isn't actually specified in RFC 2307.

You also need to have rfc2307bis support enabled in nss_ldap, by putting nss_schema rfc2307bis in ldap.conf.

-- Luke

Hello,


in slapo.conf I have added this line
nss_map_attribute uniqueMember member

and restarted the openldap server

Then I imported this object

dn: cn=atest, ou=groups, dc=sb-brixen,dc=it
gidNumber: 987
member:    cn=informatik, ou=groups, dc=sb-brixen,dc=it
userPassword:: e2NyeXB0fXg=
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
description: atest
cn: atest

I restarted nscd too

The user amoroder ( me ) is member of the group informatik ( and other groups )

Now I tried with "id amoroder".
I get as result all the groups I am a member of, but not the group atest(987).

What is wrong here? Are my assumptions wrong that amoroder should also become member of the group at because "informatik" is member of atest?

Thanks
Andreas
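
An added example (not from the thread and not nss_ldap's own code): a Python model of the lookup Luke describes, where a DN-valued member may itself be a group, so membership is followed upward until no new group appears. Only the cn=atest entry comes from the post; the informatik entry, its gidNumber, the user DN, the back-reference that forms a loop, and the names `norm_dn`, `groups_for` and `attr` are constructed for illustration.

```python
from collections import deque

def norm_dn(dn):
    """Simplified DN normalisation: trim spaces around RDNs and lowercase.
    Assumption: no escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# Constructed sample directory. cn=atest mirrors the entry in the post;
# everything else (informatik's gidNumber, the user DN, the loop) is made up.
USER = "uid=amoroder,ou=people,dc=sb-brixen,dc=it"
ENTRIES = [
    {"dn": "cn=atest, ou=groups, dc=sb-brixen,dc=it", "cn": "atest",
     "gidNumber": 987,
     "member": ["cn=informatik, ou=groups, dc=sb-brixen,dc=it"]},
    {"dn": "cn=informatik,ou=groups,dc=sb-brixen,dc=it", "cn": "informatik",
     "gidNumber": 500,
     # second value points back at atest to show that loops terminate
     "member": [USER, "cn=atest,ou=groups,dc=sb-brixen,dc=it"]},
]

def groups_for(user_dn, entries, attr="member"):
    """Return {cn: gidNumber} for every group that holds user_dn directly
    or through a chain of nested groups, reading membership from `attr`."""
    # Reverse index: normalised member DN -> groups that list it.
    parents = {}
    for entry in entries:
        for value in entry.get(attr, []):
            parents.setdefault(norm_dn(value), []).append(entry)

    found, seen = {}, set()
    queue = deque([norm_dn(user_dn)])
    while queue:
        dn = queue.popleft()
        for group in parents.get(dn, []):
            gdn = norm_dn(group["dn"])
            if gdn in seen:          # already expanded: breaks cycles
                continue
            seen.add(gdn)
            found[group["cn"]] = group["gidNumber"]
            queue.append(gdn)        # the group may be nested in others
    return found

if __name__ == "__main__":
    print(groups_for(USER, ENTRIES))
    # Looking under an attribute the entries do not carry finds nothing.
    print(groups_for(USER, ENTRIES, attr="uniqueMember"))
```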