Re: PAM and LDAP Problem

"Norm Dressler" <ndressler@dinmar.com> writes:

> I have tried to establish groups in my LDAP directory as well.  I am using a
> tool called directory_administrator and it's working great.  It creates the
> following in my ldap:
> dn: cn=mygroup,dc=dinmar,dc=com
> objectclass: top
> objectclass: posixGroup
> cn: mygroup
> gidnumber: 2005
> uniquemember: uid=ndressler, dc=dinmar,dc=com

If you want to use posixGroup member lists defined with distinguished
names, you have to recompile nss_ldap with the flag -DRFC2307BIS.  Recent
versions have moved to use GNU autoconf so, instead of mangling
Makefiles, you would just:

        configure --with-ldap=openldap --enable-rfc2307bis

It works for me.

BTW, you need to add groupOfUniqueNames to objectClass.
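
Added example, not part of the original message: a small Python check that reads group entries from LDIF, reports whether members are listed by DN (the case that needs the RFC2307BIS build of nss_ldap) or by memberUid, and flags a uniqueMember group that lacks the groupOfUniqueNames objectClass mentioned in the reply. The function names and the second sample entry (cn=mygroup-fixed) are assumptions made for illustration.

```python
import re

# Constructed sample: the entry quoted in the message, plus the same group
# with the objectClass the reply says to add (cn=mygroup-fixed is hypothetical).
SAMPLE_LDIF = """\
dn: cn=mygroup,dc=dinmar,dc=com
objectclass: top
objectclass: posixGroup
cn: mygroup
gidnumber: 2005
uniquemember: uid=ndressler, dc=dinmar,dc=com

dn: cn=mygroup-fixed,dc=dinmar,dc=com
objectclass: top
objectclass: posixGroup
objectclass: groupOfUniqueNames
cn: mygroup-fixed
gidnumber: 2005
uniquemember: uid=ndressler, dc=dinmar,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 '::' values, no folded lines) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            # Attribute names are case-insensitive in LDAP, so normalise them.
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_group(entry):
    """Return (member_style, problems) for one parsed entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixgroup" not in classes:
        return ("not-a-posixgroup", [])
    problems = []
    has_dn, has_uid = bool(entry.get("uniquemember")), bool(entry.get("memberuid"))
    if has_dn and "groupofuniquenames" not in classes:
        problems.append("uniqueMember present but objectClass groupOfUniqueNames is missing")
    # DN-valued members are the style that needs --enable-rfc2307bis in nss_ldap.
    style = "rfc2307bis" if has_dn else "rfc2307" if has_uid else "empty"
    return (style, problems)

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], check_group(e))
```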