On 12/10/2012 01:29 PM, Deas, Jim wrote:
> I am about to upgrade our systems to the current version. One of my
> difficulties in the old version was the lack of nested groups.
> Is there a way with the current software to create nested groups in
> openldap that will be seen properly by the Linux PAM module and Mac OSX?

Linux systems with the 'sss' stack (sssd) rather than PADL's nss_ldap
and pam_ldap support nested groups if you're using RFC2307bis. In that
case, you should be storing "member" attributes rather than "memberuid".

https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/chap-SSSD_User_Guide-Configuring_Domains.html

OS X appears to do its own thing, and expects an apple-group-nestedgroup
attribute.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
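
An added example, not part of the original message and not sssd's own code: it shows why DN-valued "member" attributes make nesting possible, by expanding a group's effective membership over constructed entries. The DNs, the `resolve_members` function and its `max_nesting` limit are assumptions made for illustration.

```python
from collections import deque

BASE = "dc=example,dc=com"  # constructed sample suffix
PEOPLE, GROUPS = f"ou=people,{BASE}", f"ou=groups,{BASE}"
ADMINS = f"cn=admins,{GROUPS}"
GROUP_OC = ["groupOfNames", "posixGroup"]

# Constructed sample entries keyed by DN (not from a real directory).
# RFC2307bis "member" values are DNs, so a value can name a user or a group.
DIRECTORY = {
    **{f"uid={u},{PEOPLE}": {"objectClass": ["posixAccount"], "uid": [u]}
       for u in ("alice", "bob", "carol")},
    ADMINS: {"objectClass": GROUP_OC,
             "member": [f"uid=alice,{PEOPLE}", f"CN=dbas, {GROUPS}"]},
    f"cn=dbas,{GROUPS}": {"objectClass": GROUP_OC,
                          "member": [f"uid=bob,{PEOPLE}", f"uid=dave,{PEOPLE}",
                                     f"cn=oncall,{GROUPS}"]},
    # oncall points back at admins: a loop the resolver must not follow forever.
    f"cn=oncall,{GROUPS}": {"objectClass": GROUP_OC,
                            "member": [f"uid=carol,{PEOPLE}", ADMINS]},
}

def norm(dn):
    """Simplified DN comparison key: lower-cased, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def resolve_members(directory, group_dn, max_nesting=2):
    """Return (uids, dangling) for group_dn.

    uids: login names reachable through "member" DNs, following at most
    max_nesting levels of nested groups (0 = direct members only).
    dangling: member DNs that have no entry in the directory.
    """
    entries = {norm(dn): e for dn, e in directory.items()}
    uids, dangling, seen = set(), set(), {norm(group_dn)}
    queue = deque([(norm(group_dn), 0)])
    while queue:
        dn, depth = queue.popleft()
        for member in entries[dn].get("member", []):
            key, entry = norm(member), entries.get(norm(member))
            if entry is None:
                dangling.add(member)            # stale reference, worth cleaning up
            elif "posixAccount" in entry["objectClass"]:
                uids.update(entry["uid"])       # a user: record the login name
            elif key not in seen and depth < max_nesting:
                seen.add(key)                   # a group: expand it once only
                queue.append((key, depth + 1))
    return uids, dangling
```

Running it with different `max_nesting` values shows how each extra level widens who ends up in `admins`, which is the thing to review before granting access by a nested group.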