Yes, it resolves the DN properly along with secondary groups.
[psundaram@ldap02 ~]$ id psundaram
uid=2100(psundaram) gid=1000(staff) groups=1050(people),2000(admins),1000(staff)
I will test the mapping attribute in a week or so.
-Prashanth
On Thu, 2010-05-06 at 14:45 -0400, Prashanth Sundaram wrote:
> I got around this by changing the ldap.conf.
>
> pam_filter objectclass=posixAccount
> pam_member_attribute uniquemember
>
> I haven;t tested this but you can also map the memberuid and memberof
> to Uniquememember. So the nss_ldap checks the uniquemember value every
> time.
>
> nss_map_attribute memberuid uniqueMember
> nss_map_attribute member uniqueMember
>
> My Group looks like this.
> dn: cn=GROUP1,ou=Group,dc=DOMAIN,dc=COM
> objectClass: groupOfUniqueNames
> objectClass: posixGroup
> objectClass: top
> gidNumber: 3300
> uniqueMember: uid=userid1,ou=People,dc=DOMAIN,dc=COM
> uniqueMember: uid=userid2,ou=People,dc=DOMAIN,dc=COM
> uniqueMember: uid=userid3,ou=People,dc=DOMAIN,dc=COM
> uniqueMember: uid=userid4,ou=People,dc=DOMAIN,dc=COM
> uniqueMember: uid=userid5,ou=People,dc=DOMAIN,dc=COM
<snip>
Does getent properly handle the DN? I may be wrong but I thought I tried
this and it failed. I could easily have messed up due to my ignorance.
Thanks - John
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
