[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dynlist and group membership (libnss-ldap, posixGroup, samba)

Felipe Augusto van de Wiel <felipe.wiel@hpp.org.br> writes:

> Thanks for replying. :-)
> On 20-05-2010 12:07, Dieter Kluenter wrote:
>> Felipe Augusto van de Wiel <felipe.wiel@hpp.org.br> writes:
> [...]
>>> 	The problem, is that I would expect and
>>> 'id userA' to include group 'active-samba-users'
>>> but it doesn't. But 'getent group active-samba-users'
>>> includes all the users:
>>> active-samba-users:*:999:userA,userB
>> [...]
>> modify the dynlist overlay configuration and rewrite the
>> labeledURI attribute value in order to match your
>> requirements.
> 	Well, that's kind of the problem, as I understood
> it, everything is just fine, the dynlist is working and
> adding the member fields as expected, the 'getent group'
> return the users equivalent to "dyngroup" and respective
> filter, but 'id' and the rest of the system, for some that
> reason that I'm obviously missing, doesn't seem the users
> as part of the group, although the group list the user in
> it. :-(

I see, so this is more a nss and pam problem than a openldap
issue. You may try the nssov overlay, see man slapo-nssov(5), although
I have no vital experience with this overlay.

Dieter Klünter | Systemberatung
sip: +49.40.20932173