
Re: openldap rewrite 2307 group attribute



On Tue, 07 Dec 2004 22:40:25 -0800, Howard Chu <hyc@symas.com> wrote:
> Tyson Lambert wrote:
> 
> 
> 
> >Hello,
> >
> >I'm trying to translate an attribute in active directory to one I can
> >use with my unix boxen.  Right now I'm using attribute mappings in
> >much the same fashion as padl's nss_ldap module which is working great
> >except for the posix group attribute.  My AD server stores unix groups
> >like so in an object class
> >
> >Group:
> >
> > msSFU30PosixMember=CN=nixuser,CN=Users,DC=circus,DC=test,DC=com
> > msSFU30PosixMember=CN=nixuser2,CN=Users,DC=circus,DC=test,DC=com
> > msSFU30PosixMember=CN=turkey,CN=Users,DC=circus,DC=test,DC=com
> >
> >What I need is:
> >
> >posixGroup:
> >
> > memberuid=nixuser
> > memberuid=nixuser2
> > memberuid=turkey
> >
> >
> No, what you need is to recompile your nss_ldap with support for
> RFC2307bis, which uses DN-valued members for posixGroup.
> And of course, further discussion of this topic belongs on the nss_ldap
> mailing list, it has nothing to do with OpenLDAP software.

I'm only using the padl nss_ldap modules on the linux platforms and
aix 5.1 (due to lack of a native ldap client with 2307 support).  On
all of the other platforms it's necessary to use the native ldap
clients.  So far so good except for the group issue.  I'm going to
look into 2307bis on the various platforms though and see where that
takes me.

Meanwhile.. how would one hypothetically do this with a rewrite?

-Tyson


> --
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
>
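
Added example, not part of the thread and not OpenLDAP or nss_ldap code: the value mapping asked about above (DN-valued msSFU30PosixMember to memberuid), done client-side in Python rather than with a slapd rewrite rule, parsing the leftmost RDN in RFC 4514 string form so escaped commas do not split the name. It assumes the leftmost CN is the login name, as in the sample data; `first_ava`, `to_member_uids` and `PORTABLE_NAME` are hypothetical names.

```python
import re
import string

# Constructed sample input: the three member DNs quoted in the message.
SAMPLE_MEMBERS = [
    "CN=nixuser,CN=Users,DC=circus,DC=test,DC=com",
    "CN=nixuser2,CN=Users,DC=circus,DC=test,DC=com",
    "CN=turkey,CN=Users,DC=circus,DC=test,DC=com",
]

# POSIX portable user name: portable filename characters, no leading hyphen.
PORTABLE_NAME = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._-]*\Z")


def first_ava(dn):
    """Return (type, unescaped value) of the leftmost attribute/value pair of a DN."""
    raw = bytearray()
    i = 0
    while i < len(dn) and dn[i] not in ",+":
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                raw.append(int(pair, 16))      # \XX hex-encoded byte
                i += 3
            else:
                raw += dn[i + 1].encode()      # \, \+ \\ and other escaped specials
                i += 2
        else:
            raw += dn[i].encode()
            i += 1
    attr, sep, value = raw.decode("utf-8").partition("=")
    if not sep or not attr or not value:
        raise ValueError("not an attribute=value RDN: %r" % dn)
    return attr.strip(), value


def to_member_uids(member_dns, naming_attr="cn"):
    """Split DN-valued members into (memberUid values, rejected DNs)."""
    uids, rejected = [], []
    for dn in member_dns:
        try:
            attr, value = first_ava(dn)
        except ValueError:
            rejected.append(dn)
            continue
        # Assumption: the leftmost CN is the login name, as in the sample data.
        if attr.lower() == naming_attr and PORTABLE_NAME.match(value):
            uids.append(value)
        else:
            rejected.append(dn)
    return uids, rejected
```

Rejected DNs are returned instead of being dropped, so a member whose CN is a display name or is not a portable login name is surfaced for review before it reaches group membership.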