On Mon, Nov 03, 2008 at 03:19:11PM +0100, frank wrote: > On Sun, 2008-11-02 at 15:48 +0100, Ansgar Burchardt wrote: > > > > I'm having problems setting up LDAP with POSIX groups. I can see groups > > and members with "getent group mygroup", but am not a member after > > logging in. > > > > To configure LDAP, I added > > > > nss_base_group ou=Group,dc=example,dc=com?sub > > > > to /etc/libnss-ldap.conf and pam_ldap.conf. This made the "getent" > > command work. The LDAP entry for the group looks like this: > > > > dn: cn=mygroup,ou=Group,dc=example,dc=com > > objectClass: top > > objectClass: posixGroup > > cn: mygroup > > gidNumber: 1000 > > memberUid: ansgar > > > > In online documentation, I also read about the object classes > > groupOfNames and groupOfUniqueNames, but have no idea how to use them > > (only posixGroup seems to have the gidNumber property and all three > > classes are structural). > > The ldap documentation is very rare. Have you modified you > nsswitch.conf? could also be ldap security, I found when I getent it would work but not when I did a id plus I started to use libnss-ldapd, found it a bit more stable > > Regards > Frank > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > > -- The sum of the Universe is zero.
Attachment:
signature.asc
Description: Digital signature