
group issues



hello,
openldap 1.2.10, redhat 6.2 (intel) and solaris 8, pam_ldap v65, and
nss_ldap v113.

i am having numerous problems getting groups to work properly for me.

what i would like is to have a group with members specified by full DN
that would work with both openldap ACLs and with nss_ldap/pam_ldap for
supplementary groups.

if i use:
dn: cn=group0,ou=group,dc=domain,dc=edu
cn: group0
gidnumber: 5000
objectclass: top
objectclass: groupOfNames
objectclass: posixGroup
memberuid: member0

then:
nss_ldap handles supplementary groups fine but openldap ACLs don't
work.

if i use:
dn: cn=group0,ou=group,dc=domain,dc=edu
cn: group0
gidnumber: 5000
objectclass: top
objectclass: groupOfNames
objectclass: posixGroup
member: uid=member0,ou=people,dc=domain,dc=edu

then:
nss_ldap doesn't handle supplementary groups (as such leaving the
user as a member of only his/her primary group) but openldap ACLs do
work.

obviously what i want is to have supplementary groups work *and*
openldap ACLs work.

if anyone has any suggestions for what i could try or am doing wrong,
i'd greatly appreciate hearing from you as right now i'm stumped.

thanks,
blair christensen
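
Added example, not part of the original message: a small audit that parses group entries from LDIF and reports, per group, which users appear only in memberuid (the attribute the post found nss_ldap to honour) or only in member (the attribute the post found the ACLs to honour). The function names, group1 and gid 5001 are assumptions made for illustration; the parser handles only plain LDIF without base64 values or folded lines.

```python
# Constructed sample: the first entry is the memberuid variant from the post;
# the second (group1, gid 5001) is made up and carries both attributes.
SAMPLE_LDIF = """\
dn: cn=group0,ou=group,dc=domain,dc=edu
cn: group0
gidnumber: 5000
objectclass: groupOfNames
objectclass: posixGroup
memberuid: member0

dn: cn=group1,ou=group,dc=domain,dc=edu
cn: group1
gidnumber: 5001
objectclass: groupOfNames
objectclass: posixGroup
memberuid: member0
member: uid=member0,ou=people,dc=domain,dc=edu
member: uid=member1,ou=people,dc=domain,dc=edu
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64, no folded lines) into {attr: [values]} dicts."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def uid_from_dn(dn):
    """uid of the leading RDN, or None when the DN does not start with uid=."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def audit_group(entry):
    """Diff the memberuid view (supplementary groups) against the member view (ACLs)."""
    by_uid = set(entry.get("memberuid", []))
    by_dn = {uid_from_dn(dn) for dn in entry.get("member", [])} - {None}
    return {"group": entry["cn"][0],
            "only_memberuid": sorted(by_uid - by_dn),
            "only_member": sorted(by_dn - by_uid)}

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(audit_group(e))
```

A user listed under only one of the two keys has group membership in one subsystem but not the other, which is the mismatch the message describes.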