lists.arthurdejong.org

Re: [nssldap] nss_map_attribute gidNumber problem


Thanks for linking to that, that seems very useful.  However, in this circumstance, will that address his problem with gidNumber?

It seems to me that while that would allow people like Liam to have a standardized format for the LDAP attributes he's using, how would someone like him be able to configure NSS-LDAP to map, say, gidNumber;host-foobar to gidNumber for users, but map gidNumber itself to groups?

Jeffrey.

On Thu, Feb 11, 2010 at 2:03 PM, Howard Chu <hyc [at] highlandsun.com> wrote:
> Jeffrey Watts wrote:
>> Unix groups also have a gidNumber.  What I suspect is happening is that when
>> you map gidNumber to gidNumberSYS1, the LDAP groups do not have that attribute
>> defined and thus gidNumber gets mapped by default to cn.
>>
>> I'm not sure if there's a way to add filter options to nss_map_attribute much
>> like you can with nss_base_group.  For example, it'd be nice to be able to do
>> something like:
>>
>> nss_map_attribute gidNumber gidNumberSYS1 &(objectcategory=user)
>> Basically: <attribute> <value> <filter>
>>
>> If the functionality doesn't exist it might be a good thing to suggest for a
>> future version.
>
> Please see section 2.2.2 Attribute Option in the latest draft of RFC2307bis.
>
> http://tools.ietf.org/draft/draft-howard-rfc2307bis/draft-howard-rfc2307bis-02.txt


--

"He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself." -- Thomas Paine