On Thu, 2008-05-08 at 08:43 +0200, Bas van der Vlies wrote:
> I have found the problem. I am using 'memberNisNetgroup' attribute. If I
> use the 'nisNetgroupTriple' attribute it is working. In NIS you can
> specify groups and triples to nisnetgroup. So the padl nss-ldap library
> handles this correctly and nss-ldapd/netgroup utility only parses the
> 'nisNetgroupTriple' attribute.

Actually, the way I read rfc2307, a nisNetgroup object has the following
possible member-like attributes:

  nisNetgroupTriple
    which may only contain (user, host, domain) triples
  memberNisNetgroup
    which contains references to other netgroups that are a part of this
    netgroup

nss-ldapd should parse entries like this. So having triples in the
memberNisNetgroup attribute isn't supported.

If you also have the triples in the memberNisNetgroup (and you really
want to keep that), you could add

  map netgroup nisNetgroupTriple memberNisNetgroup

to /etc/nss-ldapd.conf. This is a bit of a hack and not really
recommended. It's better to fix the contents of the directory. This
setup may give you warnings about unparseable triples (where references
to other netgroups are entered) and will result in more LDAP lookups
than you would expect (for each triplet it will also try a lookup as
netgroup).

For more information, see:
  http://www.ietf.org/rfc/rfc2307.txt
  http://ldap.akbkhome.com/index.php/objectclass/nisNetgroup.html

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
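
A directory check for the situation discussed in this thread, as an added example (not part of the original messages and not nss-ldapd code): it scans an LDIF export for triples stored in memberNisNetgroup and for non-triple values in nisNetgroupTriple, the two cases that the attribute-mapping workaround would otherwise paper over. The sample entries, the regular expression and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Three comma-separated fields in parentheses; any field may be empty.
# (Assumed pattern for illustration, not taken from nss-ldapd.)
TRIPLE = re.compile(r"^\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)$")

# Constructed sample export; all names are made up.
SAMPLE_LDIF = """\
dn: cn=admins,ou=netgroup,dc=example,dc=com
objectClass: nisNetgroup
cn: admins
nisNetgroupTriple: (,alice,)

dn: cn=webhosts,ou=netgroup,dc=example,dc=com
objectClass: nisNetgroup
cn: webhosts
memberNisNetgroup: admins
memberNisNetgroup: (web1,,example.com)
nisNetgroupTriple: dbhosts
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (no base64, no folded lines)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[attr.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Return (netgroup, attribute, value, problem) for each misplaced member."""
    groups = [e for e in entries if "nisnetgroup" in (v.lower() for v in e["objectclass"])]
    known = {cn for e in groups for cn in e["cn"]}
    findings = []
    for e in groups:
        name = (e["cn"] or ["?"])[0]
        for v in e["membernisnetgroup"]:
            if TRIPLE.match(v):
                findings.append((name, "memberNisNetgroup", v, "triple in group-reference attribute"))
            elif v not in known:
                findings.append((name, "memberNisNetgroup", v, "reference to unknown netgroup"))
        for v in e["nisnetgrouptriple"]:
            if not TRIPLE.match(v):
                findings.append((name, "nisNetgroupTriple", v, "not a parseable triple"))
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` on the constructed sample reports the two misplaced values in the `webhosts` netgroup and nothing for `admins`.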