Re: LDAP and POSIX groups
On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote:
>
> I'm having problems setting up LDAP with POSIX groups. I can see groups
> and members with "getent group mygroup", but am not a member after
> logging in.
>
> To configure LDAP, I added
>
> nss_base_group ou=Group,dc=example,dc=com?sub
>
> to /etc/libnss-ldap.conf and pam_ldap.conf. This made the "getent"
> command work. The LDAP entry for the group looks like this:
>
> dn: cn=mygroup,ou=Group,dc=example,dc=com
> objectClass: top
> objectClass: posixGroup
> cn: mygroup
> gidNumber: 1000
> memberUid: ansgar
>
> In online documentation, I also read about the object classes
> groupOfNames and groupOfUniqueNames, but have no idea how to use them
> (only posixGroup seems to have the gidNumber property and all three
> classes are structural).
The ldap documentation is very rare. Have you modified you
nsswitch.conf?
Regards
Frank
Reply to: