Re: [nssldap] nss_map_attribute gidNumber problem

Jeffrey Watts wrote:
Thanks for linking to that, that seems very useful.  However, in this
circumstance, will that address his problem with gidNumber?

It seems to me that while that would allow people like Liam to have a
standardized format for the LDAP attributes he's using, how would someone like
him be able to configure NSS-LDAP to map, say, gidNumber;host-foobar to
gidNumber for users, but map gidNumber itself to groups?

The point of using attribute options is that the base attribute type remains the same, and therefore doesn't need to be mapped at all. Mapping is a poor solution to this problem, so remove mapping from the equation.

Jeffrey.

On Thu, Feb 11, 2010 at 2:03 PM, Howard Chu <hyc@highlandsun.com> wrote:

    Jeffrey Watts wrote:

        Unix groups also have a gidNumber.  What I suspect is happening is that
        when you map gidNumber to gidNumberSYS1, the LDAP groups do not have
        that attribute defined and thus gidNumber gets mapped by default to cn.

        I'm not sure if there's a way to add filter options to nss_map_attribute
        much like you can with nss_base_group.  For example, it'd be nice to be
        able to do something like:

        nss_map_attribute gidNumber gidNumberSYS1 &(objectcategory=user)
        Basically: <attribute> <value> <filter>

        If the functionality doesn't exist it might be a good thing to suggest
        for a future version.


    Please see section 2.2.2 Attribute Option in the latest draft of RFC2307bis.

    http://tools.ietf.org/draft/draft-howard-rfc2307bis/draft-howard-rfc2307bis-02.txt


--

"He that would make his own liberty secure must guard even his enemy from
oppression; for if he violates this duty he establishes a precedent that will
reach to himself." -- Thomas Paine


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
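
The point made in the reply above, that an attribute option leaves the base attribute type unchanged so no mapping is needed, shown as an added example that is not part of the original thread and is not nss-ldap or OpenLDAP code. The entries are constructed, and the selection policy (prefer the value tagged with the host's option, otherwise the untagged value, otherwise nothing) is an assumption for illustration, not taken from the draft.

```python
# Added illustration: entries and selection policy are constructed assumptions.

def split_description(desc):
    """Split 'gidNumber;host-foobar' into ('gidnumber', {'host-foobar'})."""
    base, *options = desc.split(";")
    return base.lower(), frozenset(o.lower() for o in options)

def values_for(entry, attr_type):
    """Collect values whose base type matches, keyed by their option set.
    No attribute mapping is involved: the base type keeps one name."""
    found = {}
    for desc, values in entry.items():
        base, options = split_description(desc)
        if base == attr_type.lower():
            found.setdefault(options, []).extend(values)
    return found

def resolve(entry, attr_type, host_option=None):
    """Assumed policy: value tagged with host_option, else the untagged value.
    Returns None when neither exists, so callers never get a guessed gid."""
    found = values_for(entry, attr_type)
    if host_option is not None:
        tagged = found.get(frozenset({host_option.lower()}))
        if tagged:
            return tagged[0]
    untagged = found.get(frozenset())
    return untagged[0] if untagged else None

# Constructed sample entries (not from the thread).
USER = {
    "uid": ["liam"],
    "gidNumber": ["1000"],
    "gidNumber;host-foobar": ["2500"],
}
GROUP = {"cn": ["staff"], "gidNumber": ["1000"]}

if __name__ == "__main__":
    # The user resolves differently on the tagged host; the group does not.
    print(resolve(USER, "gidNumber", "host-foobar"))
    print(resolve(USER, "gidNumber", "host-other"))
    print(resolve(GROUP, "gidNumber", "host-foobar"))
```
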