Hello, I'd like to use the rfc2307bis schema on our openldap server (I know it's deleted by IETF). However, I can't quite figure out how I could convince either pam_ldap and/or nss_ldap to accept the group memberships. All the groups are found, the users are found, but I couldn't figure out what I need to tell /etc/pam_ldap.conf to accept the memberships as set in the ldif entries below.

Like mentioned in the subject I'd like to use the member attribute instead of the memberUid so that I don't have to keep track of members twice.

Using these packages for the ldap stuff:

libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldap - Pluggable Authentication Module for LDAP

NSCD is not used right now, so that I don't have to deal with caching issues.

All of the above happens on current stable (Lenny)

# cat /etc/debian_version
5.0

any help?

Martin

# getent group |grep 500
users:*:5000:john.doe
testers:*:5001:

# getent passwd|grep doe
john.doe:x:1000:5000:,,,:/home/exuser:/bin/bash

# id john.doe
uid=1000(john.doe) gid=5000(users) groups=5000(users)

ldif entries:

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: users
gidNumber: 5000
member: cn=Dummy
member: uid=john.doe,ou=People,dc=example,dc=com

dn: cn=testers,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: testers
gidNumber: 5001
member: cn=Dummy
member: uid=john.doe,ou=People,dc=example,dc=com

--
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html