
Re: openldap rewrite 2307 group attribute



Tyson Lambert wrote:

Hello,

I'm trying to translate an attribute in Active Directory to one I can
use with my unix boxen.  Right now I'm using attribute mappings in
much the same fashion as padl's nss_ldap module which is working great
except for the posix group attribute.  My AD server stores unix groups
like so in an object class

Group:

msSFU30PosixMember=CN=nixuser,CN=Users,DC=circus,DC=test,DC=com
msSFU30PosixMember=CN=nixuser2,CN=Users,DC=circus,DC=test,DC=com
msSFU30PosixMember=CN=turkey,CN=Users,DC=circus,DC=test,DC=com

What I need is:

posixGroup:

memberuid=nixuser
memberuid=nixuser2
memberuid=turkey


No, what you need is to recompile your nss_ldap with support for RFC2307bis, which uses DN-valued members for posixGroup.
And of course, further discussion of this topic belongs on the nss_ldap mailing list; it has nothing to do with OpenLDAP software.


--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support