[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: groups in groups
>I am looking for a way to have OpenLDAP as an authenticating mechanism
>to auth groups, and then more specificly: putting group A in group B
>and have OpenLDAP also expand group A to the membersUid's when a search
>for group B is done. In ldif format, this would look something like
>dn: cn=groupA,ou=Group,dc=example,dc=com
>cn: groupA
>gidNumber: 2001
>memberUid: me
>memberUid: someoneelse
>memberUid: another
>userPassword: {crypt}x
>objectClass: top
>objectClass: posixGroup
>dn: cn=groupB,ou=Group,dc=example,dc=com
>cn: groupB
>gidNumber: 2002
>memberUid: notme
>memberUid: againanother
>memberUid: whatever
>memberGid: groupA
>userPassword: {crypt}x
>objectClass: top
>objectClass: posixGroup
Sounds a bit like "seeAlso:" but I don't think nss behaves like that. But
OpenLDAP will not 'merge' groups for you. A seperate group is a seperate
group. Some applications like nss support netgroups which will do
aggregation.
>where the memberGid does not exist of course.
? Not certain what this means.
>Is this possible?
Possible, theroreticlly, yes. But I don't think it is implemented
anywhere inside slapd.