Re: nested groups in Openldap

>>i want to use nested groups with nss-ldap.
>>I have two questions:
>>  > Is it possible to realize this in Openldap? Which objectClass do I
>> need
>>and which parammeters must I configure?
> One can store nested group objects in a directory hosted by slapd(8).
> Whether or not nested group objects are supported by any particular
> application is up to that application.  (slapd(8), itself, as an
> application of the directory, doesn't (for instance, in "by group"
> access clauses).

Just for the records: there's a workaround, you can use nested groups in
slapd's access control by means of sets; see
<http://www.openldap.org/faq/data/cache/1133.html>, something like

access to *
    by set="user & [cn=group]/member*" read

Use with care.  This doesn't answer your question, though.


Pierangelo Masarati

