Quanah Gibson-Mount wrote:
--On Wednesday, February 10, 2016 9:50 AM +0000 Miltos Tereres <fo_ko@outlook.com> wrote:

The problem is that this doesn't work if the user values are in a nested group, it only works if the users are in my main group (xv64ut09). I would guess that Linux / sssd can support this type of nesting. Is there a change that needs to be done from the LDAP server side, in the schema, or maybe something else that I have missed? I am using the rfc2307bis...
There is nothing in the server or in the LDAP protocol that supports nested groups. As such, it is the client's responsibility to process them if it wants them. So you need to look into sssd's documentation.
I'm not clear what you mean by nested group? Do you mean another group that's a child entry of the parent? If so, then no, your filter wouldn't work for that. It is clearly only looking at users that specifically are members of the xv64ut09 group.
--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
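The point made in this thread, that the client has to walk nested groups itself, sketched as an added example that is not part of the original messages and is not sssd's code. The in-memory directory, every DN other than the group name xv64ut09, and the `max_depth` cap are assumptions made for illustration.

```python
from collections import deque

# Constructed sample directory (DN -> entry); only "xv64ut09" comes from the thread.
BASE = "dc=example,dc=com"
G = "cn={},ou=groups," + BASE
U = "uid={},ou=people," + BASE
DIRECTORY = {
    G.format("xv64ut09"): {"member": [U.format("alice"), G.format("nested-a")]},
    G.format("nested-a"): {"member": [U.format("bob"), G.format("nested-b")]},
    # nested-b points back at the top group: a membership cycle
    G.format("nested-b"): {"member": [U.format("carol"), G.format("xv64ut09")]},
    U.format("alice"): {}, U.format("bob"): {}, U.format("carol"): {},
}

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def is_user(dn):
    """In this sample, an entry without a `member` attribute is a user."""
    entry = DIRECTORY.get(dn)
    return entry is not None and "member" not in entry

def direct_users(group_dn):
    """Users listed on the group entry itself: all a one-level match sees."""
    members = DIRECTORY.get(norm(group_dn), {}).get("member", [])
    return {norm(m) for m in members if is_user(norm(m))}

def expand_members(group_dn, max_depth=5):
    """Client-side expansion: breadth-first walk of `member` DNs.

    `seen` stops membership cycles; `max_depth` bounds how many levels of
    nesting are followed, so a deep or hostile group chain cannot make the
    lookup unbounded. Dangling member DNs are skipped.
    """
    users, seen = set(), set()
    queue = deque([(norm(group_dn), 0)])
    while queue:
        dn, depth = queue.popleft()
        if dn in seen:
            continue
        seen.add(dn)
        for member in map(norm, DIRECTORY.get(dn, {}).get("member", [])):
            if is_user(member):
                users.add(member)
            elif member in DIRECTORY and depth < max_depth:
                queue.append((member, depth + 1))
    return users
```

Because the depth cap decides who ends up in the effective group, it is worth reviewing alongside any access rule that relies on nested membership.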