
Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)


2009/3/12 Dave Ewart <davee@ceu.ox.ac.uk>:
> On Wednesday, 11.03.2009 at 22:01 +0100, Martin wrote:
>> OK I Managed to get at least group memberships (somehow working):
>> # getent group testers users; id john.doe
>> testers:*:5001:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>> users:*:5000:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>> uid=1000(john.doe) gid=5000(users) groups=5000(users)
>> now, why doesn't it work so that I just have john.doe as a member but
>> instead the full DN of the ldap object?
> Your 'cn=testers' entry includes the full DN, so that's what gets
> returned.

Well, that is somewhat "on purpose": the goal of the project is to only
have to maintain groups like this:

dn: cn=testers,ou=Group,dc=marcher,dc=name
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: testers
gidNumber: 5001
member: uid=john.doe,ou=People,dc=marcher,dc=name

(mind the "member" attribute). With rfc2307bis, posixGroup is auxiliary
and libnss-ldap should be able to handle that. I just can't figure out
how :(



You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
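
The following is an added example, not part of the original message and not libnss-ldap's own code: it shows the difference between returning `member` DNs verbatim (the `getent` output quoted above) and resolving each DN to the `uid` of the entry it names, which is the behaviour the poster expects from an rfc2307bis-aware client. The user entry, the `cn=Dummy` member value and the function names are assumptions made for the illustration.

```python
# Constructed sample directory, modelled on the entries quoted in the thread.
# The "cn=Dummy" member is assumed from the getent output; the user entry is invented.
LDIF = """\
dn: uid=john.doe,ou=People,dc=marcher,dc=name
objectClass: posixAccount
uid: john.doe
uidNumber: 1000
gidNumber: 5000

dn: cn=testers,ou=Group,dc=marcher,dc=name
objectClass: groupOfNames
objectClass: posixGroup
cn: testers
gidNumber: 5001
member: cn=Dummy
member: uid=john.doe,ou=People,dc=marcher,dc=name
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def group_line(entries, group_dn, resolve=True):
    """Build a getent-style group line; return (line, member DNs left unresolved)."""
    group = entries[group_dn.lower()]
    names = list(group.get("memberuid", []))   # RFC 2307 style: plain login names
    unresolved = []
    for dn in group.get("member", []):         # rfc2307bis style: member DNs
        user = entries.get(dn.lower())
        if not resolve:
            names.append(dn)                   # raw DN, as in the thread's output
        elif user and "posixAccount" in user.get("objectclass", []):
            names.extend(user["uid"])          # look the entry up, use its uid
        else:
            unresolved.append(dn)              # placeholder or dangling reference
    line = "%s:*:%s:%s" % (group["cn"][0], group["gidnumber"][0], ",".join(names))
    return line, unresolved

if __name__ == "__main__":
    directory = parse_ldif(LDIF)
    dn = "cn=testers,ou=Group,dc=marcher,dc=name"
    print(group_line(directory, dn, resolve=False)[0])
    print(group_line(directory, dn, resolve=True))
```

Member DNs that do not resolve to an account are returned separately so they can be reviewed; a group line built from raw DNs is also ambiguous, because DNs themselves contain the comma that separates members.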
