Re: Trouble with nisnetgrouptriple syntax / RFC 2307

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Wed, 2008-07-16 at 15:08 -0400, Jeff Blaine wrote:
> Changing the definition of nisNetgroupTriple in nis.schema
> to the modern-but-unofficial definition solves the problem
> for us.  We'll just need to remember to always drop our
> nis.schema in place with every OpenLDAP upgrade :/
> 
> attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
>           DESC 'Netgroup triple'
>           EQUALITY caseIgnoreIA5Match
>           SUBSTR caseIgnoreIA5SubstringsMatch
>           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> 
> FWIW, from the ldap man page for Solaris:
> 
>        Solaris LDAP clients use the LDAP v3 protocol to access nam-
>        ing information from LDAP servers. The LDAP server must sup-
>        port the object classes and attributes defined in RFC2307bis
>        (draft),  which maps the naming service model on to LDAP.
> 
> I wonder what, if any, other problems I'll run into with
> Solaris clients querying non-Solaris OpenLDAP servers.

Nothing relating to RFC2307bis, mainly bugs in Solaris, and lack of
support for newer standards (start_tls, support for
SubjectAlternativeNames in SSL certificates etc.).

Regards,
Buchan