
Re: groups in groups

>I am looking for a way to have OpenLDAP as an authenticating mechanism
>to auth groups, and then more specifically: putting group A in group B
>and have OpenLDAP also expand group A to the membersUid's when a search
>for group B is done. In ldif format, this would look something like
>dn: cn=groupA,ou=Group,dc=example,dc=com
>cn: groupA
>gidNumber: 2001
>memberUid: me
>memberUid: someoneelse
>memberUid: another
>userPassword: {crypt}x
>objectClass: top
>objectClass: posixGroup
>
>dn: cn=groupB,ou=Group,dc=example,dc=com
>cn: groupB
>gidNumber: 2002
>memberUid: notme
>memberUid: againanother
>memberUid: whatever
>memberGid: groupA
>userPassword: {crypt}x
>objectClass: top
>objectClass: posixGroup

Sounds a bit like "seeAlso:" but I don't think nss behaves like that.  But
OpenLDAP will not 'merge' groups for you.  A separate group is a separate
group.  Some applications like nss support netgroups which will do

>where the memberGid does not exist of course.

? Not certain what this means.

>Is this possible?

Possible, theoretically, yes.  But I don't think it is implemented
anywhere inside slapd.
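
Added example, not part of the original message and not OpenLDAP code: because the server returns each group entry as stored, a client that wants groupB to include groupA's members has to expand the reference itself. The code below does that over the two entries from the question (trimmed, constructed sample); `memberGid` is the poster's hypothetical attribute, not part of any standard schema, and the function names are assumptions.

```python
# Client-side expansion of nested posixGroup entries (added example).
# "memberGid" is the hypothetical attribute from the question, not a schema attribute.

# Constructed sample: the two entries from the question, trimmed.
SAMPLE_LDIF = """\
dn: cn=groupA,ou=Group,dc=example,dc=com
cn: groupA
gidNumber: 2001
memberUid: me
memberUid: someoneelse
memberUid: another
objectClass: posixGroup

dn: cn=groupB,ou=Group,dc=example,dc=com
cn: groupB
gidNumber: 2002
memberUid: notme
memberUid: againanother
memberUid: whatever
memberGid: groupA
objectClass: posixGroup
"""

def parse_groups(ldif):
    """Return {cn: {"uids": set, "nested": set}} from simple, unfolded LDIF."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "posixgroup" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        for cn in attrs.get("cn", []):
            groups[cn] = {"uids": set(attrs.get("memberuid", [])),
                          "nested": set(attrs.get("membergid", []))}
    return groups

def expand_members(groups, cn, _seen=None):
    """Effective memberUid set of group cn, visiting each nested group once."""
    seen = set() if _seen is None else _seen
    if cn in seen or cn not in groups:  # cycle or dangling reference: stop
        return set()
    seen.add(cn)
    members = set(groups[cn]["uids"])
    for child in groups[cn]["nested"]:
        members |= expand_members(groups, child, seen)
    return members
```

The `seen` set matters when the result feeds an access decision: without it, two groups that reference each other would recurse until the client crashes.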