Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

To: debian-user@lists.debian.org
Subject: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
From: Martin <martin@marcher.name>
Date: Thu, 12 Mar 2009 16:55:33 +0100
Message-id: <[🔎] 5fa6c12e0903120855n73a423c7p953c0a0c6eb56aa5@mail.gmail.com>
Reply-to: martin@marcher.name
In-reply-to: <[🔎] 20090312104857.GB8068@nemesis.ceu.ox.ac.uk>
References: <[🔎] 5fa6c12e0903040011r795589eeufe0bf892b5ed0a0f@mail.gmail.com> <[🔎] 20090304091434.GH17283@nemesis.ceu.ox.ac.uk> <[🔎] 5fa6c12e0903111303o190590eby67b5cbfcd3ba8d55@mail.gmail.com> <[🔎] 5fa6c12e0903111401u4b4f456bgff3048ff6a9b740b@mail.gmail.com> <[🔎] 20090312104857.GB8068@nemesis.ceu.ox.ac.uk>

Hi,

2009/3/12 Dave Ewart <davee@ceu.ox.ac.uk>:
> On Wednesday, 11.03.2009 at 22:01 +0100, Martin wrote:
>
>> OK I Managed to get at least group memberships (somehow working):
>>
>> # getent group testers users; id john.doe
>> testers:*:5001:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>> users:*:5000:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>> uid=1000(john.doe) gid=5000(users) groups=5000(users)
>>
>> now, why doesn't it work so that I just have john.doe as a member but
>> instead the full DN of the ldap object?
>
> Your 'cn=testers' entry includes the full DN, so that's what gets
> returned.

Well that is somewhat "on purpose" the goal of the project is to only
have to maintain groups like this:

dn: cn=testers,ou=Group,dc=marcher,dc=name
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: testers
gidNumber: 5001
member: uid=john.doe,ou=People,dc=marcher,dc=name

(mind the "member" attribute) with rfc2307bis posixGroup is auxilliary
and libnss-ldap should be able to handle that. I just can't figure out
how :(

/martin

-- 
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Reply to:

Follow-Ups:
- Re: [SOLVED] pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>

References:
- pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Dave Ewart <davee@ceu.ox.ac.uk>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Dave Ewart <davee@ceu.ox.ac.uk>

Prev by Date: Re: How to troubleshoot aptitude segfaults ?
Next by Date: Re: Measure "cp" Speed?
Previous by thread: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
Next by thread: Re: [SOLVED] pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
Index(es):
- Date
- Thread