LDAP and POSIX groups

To: debian-user@lists.debian.org
Subject: LDAP and POSIX groups
From: Ansgar Burchardt <ansgar@2008.43-1.org>
Date: Sun, 02 Nov 2008 15:48:27 +0100
Message-id: <[🔎] gnus-86zlkiqj44.fsf@blight.43-1.org>

Hi,

I'm having problems setting up LDAP with POSIX groups.  I can see groups
and members with "getent group mygroup", but am not a member after
logging in.

To configure LDAP, I added

    nss_base_group ou=Group,dc=example,dc=com?sub

to /etc/libnss-ldap.conf and pam_ldap.conf.  This made the "getent"
command work.  The LDAP entry for the group looks like this:

    dn: cn=mygroup,ou=Group,dc=example,dc=com
    objectClass: top
    objectClass: posixGroup
    cn: mygroup
    gidNumber: 1000
    memberUid: ansgar

In online documentation, I also read about the object classes
groupOfNames and groupOfUniqueNames, but have no idea how to use them
(only posixGroup seems to have the gidNumber property and all three
classes are structural).

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19

Reply to:

Follow-Ups:
- Re: LDAP and POSIX groups
  - From: frank <frank@anotheria.net>

Prev by Date: Re: Broken perl
Next by Date: Re: Broken perl
Previous by thread: Re: cups-pdf
Next by thread: Re: LDAP and POSIX groups
Index(es):
- Date
- Thread