
Unix primary groups: member attributes in the Groups tree?



Hi,

This is not strictly openldap, but it should be a common problem. I am
surprised nobody ran into this earlier.

Here is an interesting inter-nonoperability issue. So I used the migrate
scripts from PADL to dump NIS+ user and group maps into an LDAP directory.
Well and good. However, Solaris stores the primary group membership
information in the gid field in the passwd map. As Unix usually does. :)

Enter auth_ldap, authentication module for Apache. When I use the "require
valid group" directive, the code searches the group entry for the "member"
attribute with the value of the current user. The trouble is, there usually
are none, because the group map on NIS+ did not define it, except in the
case of secondary groups.

Not that it's very difficult to manually hack this, but there has got to be
an official solution!

Thanks in advance,
Simon
-- 
Simon (Vsevolod ILyushchenko)   simonf@cshl.edu   
http://www.simonf.com          simonf@simonf.com 

"A man who feels himself a citizen of the world whose 
loyalty is to the human race and to life, rather than 
to any exclusive part of it; a man who loves his country 
because he loves mankind, and whose judgement is not 
warped by tribal loyalties." Erich Fromm
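
The mismatch described in the message above, as an added example that is not part of the original post: it reads posixAccount and posixGroup entries from LDIF, finds users whose primary group (matched by gidNumber) does not list them, and renders LDIF modify records that would close the gap. The sample entries, the dc=example,dc=com DNs, and the choice of `member` holding the user's DN are assumptions; substitute the attribute and value form your authorization module actually compares and your schema permits.

```python
from collections import defaultdict

# Constructed sample data (RFC 2307 posixAccount/posixGroup), not from the post.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
gidNumber: 100

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
gidNumber: 100

dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: posixGroup
gidNumber: 100
member: uid=bob,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[key.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def missing_primary_members(entries, attr="member"):
    """(group_dn, user_dn) pairs where a user's primary group omits them.
    DNs are compared case-insensitively; real DN normalization is stricter."""
    is_a = lambda e, oc: oc in (v.lower() for v in e["objectclass"])
    groups = {e["gidnumber"][0]: e for e in entries if is_a(e, "posixgroup")}
    gaps = []
    for e in (x for x in entries if is_a(x, "posixaccount")):
        group = groups.get(e["gidnumber"][0])
        if group and e["dn"][0].lower() not in (v.lower() for v in group[attr.lower()]):
            gaps.append((group["dn"][0], e["dn"][0]))
    return gaps

def to_ldif_changes(gaps, attr="member"):
    """Render the gaps as LDIF modify records for review before applying."""
    return "\n".join(f"dn: {g}\nchangetype: modify\nadd: {attr}\n{attr}: {u}\n"
                     for g, u in gaps)

if __name__ == "__main__":
    print(to_ldif_changes(missing_primary_members(parse_ldif(SAMPLE_LDIF))))
```

Until the records are applied, a group requirement that checks only the group entry denies users such as alice in the sample, whose membership exists only as a gidNumber on the account entry.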