[nssldap] nss_map_attribute gidNumber problem

[Liam Gretton <liam.gretton [at] leicester.ac.uk>]

I have user accounts for various systems within an OpenLDAP db (OpenLDAP 
2.4.12 on openSUSE 11.1). Clients are running the same version on the 
same OS. Both are using nss_ldap 262.

As accounts have different requirements depending on which host is being 
logged into, I've created a custom schema which implements the following 
custom attributes:

loginShellSYS1
homeDirectorySYS1
gidNumberSYS1

...and so on for multiple SYSn systems.

On the client using nss_ldap side I am mapping these to the plain
attributes as so in /etc/ldap.conf:

nss_map_attribute loginShell loginShellSYS1
nss_map_attribute homeDirectory homeDirectorySYS1
nss_map_attribute gidNumber gidNumberSYS1

Everything works perfectly EXCEPT for the gidNumber mapping. If that's
in place then 'getent group' does not return the LDAP groups. The logs 
on the LDAP server logs show that when gidNumber is mapped, getent is 
requesting 'cn' instead of 'gidNumber' from the record. Without the 
mapping, it correctly requests the gidNumber attribute.

ldapsearch on an account from the client returns all the expected
attributes including the gidNumberSYSn ones.

The LDAP accounts also have a normal gidNumber attribute, and if I
remove the mapping and use that, then getent group returns the expected
results.

It's entirely likely that I've done something plain silly which is
causing this problem, but is there any special behaviour regarding group 
mapping that I should have taken into account?

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom