> On Fri, 06 Feb 2004 13:58:22 +0100, Simon Matter wrote: > >> I've tried using nss_ldap to do this and it works but it's not the best >> solution. > > Sounds interesting, at least as a band-aid for the time being. > > Could you tell a bit about your experiences, especially in the context of > permission handling for shared folders? > > Why don't you use it any more?
I didn't start using nss_ldap groups in production. I just tried to figure out how the 'group:xxxxx' ACLs work and how I can implement it easily. I added 'group: files ldap' to /etc/nsswitch.conf and voila, groups worked. The real problem I have at the moment is that all my LDAP servers are OpenLDAP 2.0.x and 2.1.x and they don't support dynamic groups. So it means I can use static groups ala rfc2307bis, which is also supported via nss_ldap, but it's not exactly what I wanted. Simon --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
