NIS replacements - netgroup

[Steve Huston <huston@astro.princeton.edu>]

I saw a post from awhile ago about the role of netgroups in replacing NIS with
LDAP, and I have a couple questions (especially since I haven't seen any newer
posts on the matter):

1) Does nss_ldap support netgroups now?  I saw mention that it works in Linux
but not Solaris, which is fine since we're probably going to go the PADL
NIS/LDAP gateway method for awhile as we changeover anyway.  I also realize
that this list isn't for that software, but I'm sure there's some people here
that use it.

2) There was a question posed on comp.unix.solaris asking about the size
limitations on netgroups that are placed in LDAP (see
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=3EC3A26F.9040305%40mail.hongkong.com&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DISO-8859-1%26safe%3Doff%26q%3Dldap%2Bnetgroup%2Blimitation%26sa%3DN%26tab%3Dwg
).  While I understand the response (namely that one can break up a large
netgroup into smaller ones that are all included by the "main" one, as in the
example provided), my question is whether or not that limitation still exists
in a LDAP setting.  Our netgroup map is split as mentioned, and I'm wondering
if during the migration I can merge it all back into one large map.  This
would also clean up the netgroup.byhosts map as well, and it's mostly cosmetic
but keeping the maps split up has caused a couple administration issues in the
past (namely when one doesn't realize they're one entry away from hitting the
wall, and suddenly '(cd /var/yp ; make)' fails).

Thanks!

-- 
Steve Huston - Unix Systems Admin, Dept. of Astrophysical Sciences
 Princeton University  |     ICBM Address: 40.346525   -74.651285
   126 Peyton Hall     |"On my ship, the Rocinante, wheeling through
 Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
   (609) 258-7375      | headlong into mystery."  -Rush, 'Cygnus X-1'