Hi,

> At long last I think I see it. FDS has created groups with object class
> groupofuniquenames to which we have added an objectclass of posixgroup
> but it is only populated with uniquemember and not memberuid. It looks
> like I have two options:
>
> 1) Define nss_map_objectclass posixgroup groupofuniquenames:
> This works for getent group but seems to make id hang. I think this
> also creates a problem in that the user groups, i.e., the posixgroup
> created for each uid, will not be mapped.
>
> 2) Define all the memberuids in each group:
> This means an extra administrative step (is there any way to automate
> this from the uniquemembers attribute?) and exposure to human error.
>
> My guess is that option 2 is the correct way to go. Is that true?
> Thanks - John

It depends on how you proceed. There is a parameter nss_schema <rfc2307bis|rfc2307> (man nss_ldap) that lets you choose whether you prefer memberuid or member dn in the groups.

Another important point is that the user used by nss_ldap to bind to your ldap server should have the right to read memberUid & uniqueMember attributes on group entries...

-- 
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
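
Option 2 in the quoted message asks whether memberUid can be derived from uniqueMember. One way to script that, as an added example that is not part of the thread or of 389 Directory Server: it reads exported group entries as LDIF and emits ldapmodify input that adds only the missing memberUid values. It assumes each user DN starts with a uid= RDN (any other member is reported, not guessed); the function names, the sample entry and the dc=example,dc=com suffix are constructed for illustration.

```python
import base64
import re
# Constructed sample export (assumption: user DNs start with a uid= RDN).
SAMPLE_LDIF = """\
dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: posixGroup
uniqueMember: uid=john,ou=People,dc=example,dc=com
uniqueMember: uid=jane,ou=People,dc=example,dc=com
uniqueMember: cn=svc-backup,ou=Services,dc=example,
 dc=com
memberUid: john
"""
UID_RDN = re.compile(r"uid=([^,+\\]+),", re.I)  # plain single-valued uid RDN only

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) for each LDIF entry."""
    text = re.sub(r"\n ", "", text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):  # "attr:: ..." marks a base64 value
                    value = base64.b64decode(value[1:]).decode("utf-8")
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def missing_memberuids(attrs):
    """Return (uids to add, member DNs with no usable uid RDN)."""
    have, add, skipped = set(attrs.get("memberuid", [])), [], []
    for dn in attrs.get("uniquemember", []):
        m = UID_RDN.match(dn)
        if not m:
            skipped.append(dn)
        elif m.group(1) not in have and m.group(1) not in add:
            add.append(m.group(1))
    return add, skipped

def build_modify_ldif(text):
    """Build ldapmodify input that adds the memberUid values each group lacks."""
    out = []
    for dn, attrs in parse_ldif(text):
        add, skipped = missing_memberuids(attrs)
        out += [f"# skipped, no uid RDN: {s}" for s in skipped]
        if add:
            out += [f"dn: {dn}", "changetype: modify", "add: memberUid"]
            out += [f"memberUid: {u}" for u in add] + [""]
    return "\n".join(out)
```

Pass the text of a group export to `build_modify_ldif` and review the result, including the skipped-member comments, before applying it with ldapmodify.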