On many systems, you can simply create the group locally and add members to it in /etc/group. The group memberships will be concatenated with those in LDAP. This assumes that "files" appears in your nss config. Something like this: passwd files ldap group files ldap Be sure that the local group IDs match up with the LDAP groups you're targeting. -Matthew On Oct 20, 2009, at 5:48 AM, "Wilhelm Meier" <wilhelm.meier@xxxxxxxx> wrote: > Hi all, > > we are using pam_group in combination to pam_ldap to give users > additional group membership like plugdev. This is ok but not for hald, > since it uses nss to resolve the group membership of a given user. > > What is the best way to provide in a system-wide manner the nss- > service > with additional group memberships? (We do not have the change to add > the > memberships to the ldap directory ...) > > -- > Wilhelm > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list