On 2009-01-19, Jan-Frode Myklebust <janfrode at tanso.net> wrote: > Is there any ways of nesting groups in fedora directory server ? > > I tried creating a group "testgroup" with another group as > uniqueMember, but "getent group testgroup" didn't nest in any > users from the uniqueMember-group. Just discovered the ldap.conf/nss_ldap setting "nss_schema rfc2307bis", which seems to say it should resolve nested groups on the client side. Some testing: 1 - Running "nscd" without "nss_schema rfc2307bis": "groups username" -- not listing nested group "getent group nestedgroup" -- not un-nesting. 2 - Not running "nscd", and without "nss_schema rfc2307bis": "groups username" -- listing nested groups ! "getent group nestedgroup" -- not un-nesting 3 - Not running "nscd", with "nss_schema rfc2307bis": "groups username" -- listing nested groups ! "getent group nestedgroup" -- not un-nesting 4 - Running "nscd", with "nss_schema rfc2307bis": "groups username" -- not listing nested group "getent group nestedgroup" -- not un-nesting. So "nss_schema rfc2307bis" doesn't seem to have any effect, only "nscd" on/off seems to affect the un-nesting.. Does anybody know what else I can do to get nested groups functioning on RHEL4/RHEL4/RHEL5 ? Or is there some way of getting the directory server to do the un-nesting for me ? -jf
