Re: [SOLVED] pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

To: debian-user@lists.debian.org
Subject: Re: [SOLVED] pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
From: Martin <martin@marcher.name>
Date: Tue, 17 Mar 2009 19:54:54 +0100
Message-id: <[🔎] 5fa6c12e0903171154ldd11585ja2168818e8d2e796@mail.gmail.com>
Reply-to: martin@marcher.name
In-reply-to: <[🔎] 5fa6c12e0903120855n73a423c7p953c0a0c6eb56aa5@mail.gmail.com>
References: <[🔎] 5fa6c12e0903040011r795589eeufe0bf892b5ed0a0f@mail.gmail.com> <[🔎] 20090304091434.GH17283@nemesis.ceu.ox.ac.uk> <[🔎] 5fa6c12e0903111303o190590eby67b5cbfcd3ba8d55@mail.gmail.com> <[🔎] 5fa6c12e0903111401u4b4f456bgff3048ff6a9b740b@mail.gmail.com> <[🔎] 20090312104857.GB8068@nemesis.ceu.ox.ac.uk> <[🔎] 5fa6c12e0903120855n73a423c7p953c0a0c6eb56aa5@mail.gmail.com>

To answer my own question:

To get this to work all you need to do is map uniqueMember to member

in /etc/libnss-ldap.conf:
nss_map_attribute       member  memberUid

2009/3/12 Martin <martin@marcher.name>:
> Hi,
>
> 2009/3/12 Dave Ewart <davee@ceu.ox.ac.uk>:
>> On Wednesday, 11.03.2009 at 22:01 +0100, Martin wrote:
>>
>>> OK I Managed to get at least group memberships (somehow working):
>>>
>>> # getent group testers users; id john.doe
>>> testers:*:5001:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>>> users:*:5000:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name
>>> uid=1000(john.doe) gid=5000(users) groups=5000(users)
>>>
>>> now, why doesn't it work so that I just have john.doe as a member but
>>> instead the full DN of the ldap object?
>>
>> Your 'cn=testers' entry includes the full DN, so that's what gets
>> returned.
>
> Well that is somewhat "on purpose" the goal of the project is to only
> have to maintain groups like this:
>
> dn: cn=testers,ou=Group,dc=marcher,dc=name
> objectClass: groupOfNames
> objectClass: posixGroup
> objectClass: top
> cn: testers
> gidNumber: 5001
> member: uid=john.doe,ou=People,dc=marcher,dc=name
>
> (mind the "member" attribute) with rfc2307bis posixGroup is auxilliary
> and libnss-ldap should be able to handle that. I just can't figure out
> how :(
>
> /martin
>
>
> --
> http://soup.alt.delete.co.at
> http://www.xing.com/profile/Martin_Marcher
> http://www.linkedin.com/in/martinmarcher
>
> You are not free to read this message,
> by doing so, you have violated my licence
> and are required to urinate publicly. Thank you.
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>



-- 
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Reply to:

References:
- pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Dave Ewart <davee@ceu.ox.ac.uk>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Dave Ewart <davee@ceu.ox.ac.uk>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>

Prev by Date: Re: Upgraded to Lenny can't Disable Screen Blanking
Next by Date: Re: Several segmentation faults after upgrade to Lenny
Previous by thread: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
Next by thread: xserver problem : double ghost image
Index(es):
- Date
- Thread