On 08/14/2011 03:18 PM, pradyumna dash wrote:
Hi,
Thank you so much. I have never worked a lot on nss_ldap so asking some basic questions.
As per you said you guys are running the same in your env.
ldap:
personals user groups:
ou=groups,o=company
first project groups:
cn=group1,ou=project1,o=company
cn=group2,ou=project1,o=company
-- Do I need to create separate OUs for different groups?
Up to you.
You need some "separator" between projects. It can be a branch in the tree, or scope "base" in the filter configuration from the nss_ldap.conf file.
We prefer branches. It's more readable when you have many groups and many projects.
second project groups:
cn=group1,ou=project2,o=company
cn=group2,ou=project2,o=company
-- How can I specify the users who are a part of which group?
cn=group1,ou=project1,o=company
objectClass: posixGroup
cn: group1
gidNumber: 1000
description: project1 admin group
memberUid: user1
memberUid: user2
memberUid: user3
"Server1" nss_ldap.conf:
nss_base_group ou=groups,o=company?sub
nss_base_group ou=project1,o=company?one
-- The syntax in the conf file will be like above? Because I have never used ?sub and ?one
It's URI (http://en.wikipedia.org/wiki/URI_scheme) syntax.
You should write the second part of the URI (after the connection description) with base, scope and filter.
"Server2" nss_ldap.conf:
nss_base_group ou=groups,o=company?sub
nss_base_group ou=project2,o=company?one
Also, if you can help, I am trying "pwdReset" for my ldap users. In the ppolicy.schema file I have uncommented this attribute but am not able to load the schema; if you can give me some pointers it would be appreciated.
What I want is that the first time any user logs in, he will be asked to change his password.
1. try to start slapd with "-d config"
2. take a look at http://www.zytrax.com/books/ldap/ch6/ppolicy.html
WBR
Regards,
Neo
I am not an expert in OpenLDAP so please help me.
2011/8/14 Dmitriy Kirhlarov <
dimma@higis.ru
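
Added example (not part of the original thread and not nss_ldap's own code): a small Python model of how the `base?scope` part of the `nss_base_group` lines above decides which group entries each server resolves. The directory contents, gidNumbers and the `cn=staff` entry are constructed for illustration; the optional filter part is ignored and DNs are assumed to contain no escaped commas.

```python
# Constructed sample directory: DN -> gidNumber (illustrative values only).
DIRECTORY = {
    "cn=staff,ou=groups,o=company": 500,
    "cn=group1,ou=project1,o=company": 1000,
    "cn=group2,ou=project1,o=company": 1001,
    "cn=group1,ou=project2,o=company": 2000,
    "cn=group2,ou=project2,o=company": 2001,
}

# The two configurations quoted in the thread.
SERVER1 = "nss_base_group ou=groups,o=company?sub\nnss_base_group ou=project1,o=company?one"
SERVER2 = "nss_base_group ou=groups,o=company?sub\nnss_base_group ou=project2,o=company?one"

def parse_base(line):
    """Split 'nss_base_group base?scope?filter' into (base, scope)."""
    key, value = line.split(None, 1)
    if key != "nss_base_group":
        raise ValueError("not an nss_base_group line: %r" % line)
    parts = value.strip().split("?")
    # Assumption: an omitted scope falls back to a subtree search.
    scope = parts[1] if len(parts) > 1 and parts[1] else "sub"
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return parts[0], scope

def rdns(dn):
    """Naive DN split, good enough for DNs without escaped commas."""
    return [p.strip().lower() for p in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """LDAP scope semantics: base = the entry itself, one = direct
    children only, sub = the entry and everything below it."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def visible_groups(conf_text, directory=DIRECTORY):
    """Return the sorted DNs matched by any nss_base_group line."""
    seen = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("nss_base_group"):
            base, scope = parse_base(line)
            seen.update(dn for dn in directory if in_scope(dn, base, scope))
    return sorted(seen)

if __name__ == "__main__":
    for name, conf in (("Server1", SERVER1), ("Server2", SERVER2)):
        print(name, visible_groups(conf))
```

Pointing a single line at `o=company?sub` would match every group in both project branches, which is why the per-project branch plus a narrow scope works as the separator.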