Hi,

> At long last I think I see it. FDS has created groups with object class
> groupofuniquenames to which we have added an objectclass of posixgroup
> but it is only populated with uniquemember and not memberuid. It looks
> like I have two options:
>
> 1) Define nss_map_objectclass posixgroup groupofuniquenames:
> This works for getent group but seems to make id hang. I think this
> also creates a problem in that the user groups, i.e., the posixgroup
> created for each uid, will not be mapped.
>
> 2) Define all the memberuids in each group:
> This means an extra administrative step (is there any way to automate
> this from the uniquemembers attribute?) and exposure to human error.
>
> My guess is that option 2 is the correct way to go. Is that true?
> Thanks - John

It depends on how you proceed. There is a parameter nss_schema <rfc2307bis|rfc2307> (man nss_ldap) that lets you choose whether you prefer memberuid or member dn in the groups.

Another important point is that the user used by nss_ldap to bind to your ldap server should have the right to read memberUid & uniqueMember attributes on group entries...
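
Option 2 in the quoted message (filling memberUid from the existing uniqueMember values) can be scripted. The sketch below is an added example, not part of the original thread: it assumes user entries are named by a leading uid=<login> RDN, the group and member DNs are constructed, and any DN it cannot map safely is reported for manual lookup instead of being guessed.

```python
import re

# Conservative login-name pattern; anything else is left for manual review
# so that no unexpected characters end up in the generated LDIF.
SAFE_UID = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

def uid_from_dn(dn):
    """Return the login name if the DN's leading RDN is a plain uid=<name>, else None."""
    rdn = dn.split(",", 1)[0]
    if "\\" in rdn or "+" in rdn:  # escaped or multi-valued RDN: do not guess
        return None
    attr, sep, value = rdn.partition("=")
    value = value.strip()
    if not sep or attr.strip().lower() != "uid" or not SAFE_UID.fullmatch(value):
        return None
    return value

def memberuid_ldif(group_dn, unique_members, existing_uids=()):
    """Return (ldif, unresolved): an LDIF modify record adding the missing
    memberUid values, and the member DNs that could not be mapped."""
    have, add, unresolved = set(existing_uids), [], []
    for dn in unique_members:
        uid = uid_from_dn(dn)
        if uid is None:
            unresolved.append(dn)
        elif uid not in have:  # skip values already present and duplicates
            have.add(uid)
            add.append(uid)
    if not add:
        return "", unresolved
    lines = [f"dn: {group_dn}", "changetype: modify", "add: memberUid"]
    lines += [f"memberUid: {u}" for u in add] + ["-"]
    return "\n".join(lines) + "\n", unresolved

# Constructed sample data (not from the thread).
GROUP_DN = "cn=admins,ou=Groups,dc=example,dc=com"
UNIQUE_MEMBERS = [
    "uid=john,ou=People,dc=example,dc=com",
    "uid=alice,ou=People,dc=example,dc=com",
    "cn=Bob Smith,ou=People,dc=example,dc=com",  # not named by uid
    "uid=john,ou=People,dc=example,dc=com",      # duplicate value
]

if __name__ == "__main__":
    ldif, unresolved = memberuid_ldif(GROUP_DN, UNIQUE_MEMBERS, existing_uids=["alice"])
    print(ldif, end="")
    for dn in unresolved:
        print("# needs manual lookup:", dn)
```

The generated record is meant to be reviewed before it is applied with ldapmodify; entries listed as unresolved need their uid read from the user entry itself.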