[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group in groups

On Thu, 8 Apr 2010, alois blasbichler wrote:

> Hello list
> We use our Openldap with a lot of applications like apache, squid, samba ...
> What for us whould be very usefull is to define in ldap groups with users and
> other groups therin.
> Is this possible in Ldap or maybe with the nss-module ?

It is, although you should search for nss documentation, not openldap.
Anyway search for uniqueMember and memberOf attributes. Commands like 
"members" and "getent" will be helpful in diagnostics. In older versions
of libnss ( dunno which version you have ), there was an issue regarding
to order of nsswitch line , the difference between 

"group: ldap files" and "group: files ldap"

Whole stuff also generates other issues, conceptually, like recursive 
loops in nested groups and similar. But it works anyway.