
Re: LDAP and POSIX groups



On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote:
> 
> I'm having problems setting up LDAP with POSIX groups.  I can see groups
> and members with "getent group mygroup", but am not a member after
> logging in.
> 
> To configure LDAP, I added
> 
>     nss_base_group ou=Group,dc=example,dc=com?sub
> 
> to /etc/libnss-ldap.conf and pam_ldap.conf.  This made the "getent"
> command work.  The LDAP entry for the group looks like this:
> 
>     dn: cn=mygroup,ou=Group,dc=example,dc=com
>     objectClass: top
>     objectClass: posixGroup
>     cn: mygroup
>     gidNumber: 1000
>     memberUid: ansgar
> 
> In online documentation, I also read about the object classes
> groupOfNames and groupOfUniqueNames, but have no idea how to use them
> (only posixGroup seems to have the gidNumber property and all three
> classes are structural).

The LDAP documentation is very rare. Have you modified your
nsswitch.conf?

Regards
Frank

