
nested groups for openldap v2.2

Hi All,



Versions of my software are:

OpenLDAP: 2.2.13-7.4E

Samba: 3.0.10-1.4E.11


I am a newbie trying to implement nested groups for OpenLDAP.

Does the above version of OpenLDAP support nested groups?


I have been trying multiple ways to implement nested groups

(1)    As per my understanding, I could add SIDs of the subgroups as values of sambaSIDList.

My ldif file :

dn: cn=PDM,ou=Groups,dc=example,dc=com
cn: PDM
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 625
sambaSid: S-1-5-21-3782130030-2455357663-1162092550-626
sambaGroupType: 2
sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-620 <- another group entry
sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-622 <- another group entry


This does not work for me. I read somewhere that this just works for local groups and not domain groups, which all of the above groups are.


(2)    Another idea was to edit the nis.schema and include the “member” attribute in posixGroup, which can take other group entries as members.

My ldif file is:

dn: cn=LKM2,ou=Groups,dc=example,dc=com
cn: LKM2
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
gidNumber: 6099
sambaSid: S-1-5-21-3782130030-2455357663-1162092550-6090
sambaGroupType: 5
displayName: example
member: cn=LKM,ou=groups,dc=example,dc=com
member: cn=ken1,ou=People, dc=example,dc=com


Even this did not work.


Am I missing something?

Do let me know if I should also post the output of something else.

Thanks in advance.


Apologies if I posted this twice.