Re: Nested groups ldap to PAM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

That is what I have found to date in DS but Mac OSX services does allow this through a mechanism I have yet to explore.

It seems like a ripe target for a DS plugin so the PAM modules in each server could remain stock yet take advantage of nested groups. I was hoping that someone already had a schema and a plugin to do this.

 

 

-----Original Message-----
From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Monday, December 10, 2012 2:45 PM
To: General discussion list for the 389 Directory server project.
Cc: Deas, Jim
Subject: Re: Nested groups ldap to PAM

 

On 12/10/2012 03:24 PM, Deas, Jim wrote:

Fedora-DS is what I am currently using.


So if you have a group like this:

cn=group1,...
member: uid=foo,...

cn=group2,...
member: uid=bar,...
member: cn=group1,...

And your client queries group2, you want your client to see
member: uid=foo,...
member: uid=bar,...

without having to read member: cn=group1 and explicitly expand it?

389/Fedora DS can't do this.


 

-----Original Message-----
From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Monday, December 10, 2012 1:56 PM
To: General discussion list for the 389 Directory server project.
Cc: Deas, Jim
Subject: Re: Nested groups ldap to PAM

 

On 12/10/2012 02:29 PM, Deas, Jim wrote:

I am about to upgrade our systems to the current version. One of my difficulty’s in the old version was the lack of nested groups.

Is there a way with the current software to create nested groups in openldap


Not sure what you mean by "in openldap".  Are you using 389 or openldap server?

that will be seen properly by the linux PAM module and Mac OSX?

 

Regards,

JD

 

 

 



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux