On 14.11.12, Jean-Francois Saucier <jsaucier@xxxxxxxxx> wrote:
memberUid is standard for posixGroups and works for Linux clients too.
Hi everyone,
I just installed 389-ds on Fedora and have a problem with Solaris clients.
Everything works well on the Linux side (Fedora, CentOS and RHEL clients work fine).
On the Solaris side, I got everything to work too (pam, ssh, getent passwd, getent group, ldaplist -l paswd, ldaplist -l group, etc). I used the native Solaris ldapclient tool to make everything work.
The problem I have is with the Group attribute. In 389-ds, the groups are created with the objectClass "groupofuniquenames" and the members are listed with the attribute "uniqueMember". I manually add the objectClass "posixgroup" to allow the group to be visible on the client.
With this configuration, everything works fine in Linux. In Solaris, I can see the group with "getent group" but there are no members. What I have found is that Solaris needs its members to be in the "memberUid" attribute and not in the "uniqueMember" attribute.
How do you add uniqueMember? If you want to continue to maintain uniqueMember then you have the following options:
Also, I found that while uniqueMember requires a full qualification (uid=jeff,ou=people,dc=test,dc=com), the memberUid just requires the uid (jeff).
What should I do to make this work easily on Solaris? Adding the memberUid by hand is not an option because it's sure there will be a difference between the uniqueMember and memberUid list at some point in time.
- try to use winbind of Samba on the Solaris client to resolve the groups
- map uniqueMember to memberUid with a script in your preferred scripting language
- in an AD - DS replication setup there is logic contained which maps uniquemember to memberUid automatically. This can also be triggered via a task.
Regards
Thank you!
--
Jean-Francois Saucier (djf_jeff)
GPG key : 0xA9E6E953
--
Carsten Grzemba
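
The scripted option from the list above (mapping uniqueMember to memberUid), as an added example that is not part of the original thread: it derives the memberUid set from a group's uniqueMember DNs and emits an LDIF modify record that adds missing values and deletes stale ones, so the two lists cannot drift apart. The function names, the group DN and the users other than jeff are constructed; fetching the entries and feeding the output to ldapmodify is left to the caller.

```python
import re

# Leading RDN of the form uid=<value>; the value may contain backslash escapes.
_UID_RDN = re.compile(r'^\s*uid\s*=\s*((?:\\.|[^,+\\])+)', re.IGNORECASE)
_ESCAPE = re.compile(r'\\([0-9A-Fa-f]{2}|.)')

def uid_from_dn(dn):
    """Return the uid of a uniqueMember DN, or None if its first RDN is not uid=."""
    m = _UID_RDN.match(dn)
    if not m:
        return None
    # Undo DN escaping: \XX hex pairs and single escaped characters such as "\,".
    unescape = lambda e: chr(int(e.group(1), 16)) if len(e.group(1)) == 2 else e.group(1)
    return _ESCAPE.sub(unescape, m.group(1)).strip()

def memberuid_ldif(group_dn, unique_members, member_uids):
    """Build an LDIF modify record that makes memberUid match uniqueMember.

    Returns (ldif_text, skipped_dns). ldif_text is "" when already in sync.
    Members whose DN does not start with uid= (nested groups, for example)
    are reported in skipped_dns instead of being guessed at.
    Assumption: uids are plain ASCII, so no base64 LDIF encoding is needed.
    """
    wanted, skipped = set(), []
    for dn in unique_members:
        uid = uid_from_dn(dn)
        if uid is None:
            skipped.append(dn)
        else:
            wanted.add(uid)
    current = set(member_uids)  # memberUid matching is case-sensitive
    out = []
    for op, values in (("add", sorted(wanted - current)),
                       ("delete", sorted(current - wanted))):
        if values:
            out += [f"{op}: memberUid"] + [f"memberUid: {v}" for v in values] + ["-"]
    if not out:
        return "", skipped
    return "\n".join([f"dn: {group_dn}", "changetype: modify"] + out) + "\n", skipped

if __name__ == "__main__":
    # Constructed sample group entry, not taken from a real directory.
    ldif, skipped = memberuid_ldif(
        "cn=admins,ou=groups,dc=test,dc=com",
        ["uid=jeff,ou=people,dc=test,dc=com", "uid=anna,ou=people,dc=test,dc=com",
         "cn=nested,ou=groups,dc=test,dc=com"],
        ["jeff", "olduser"])
    print(ldif, "skipped:", skipped)
```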