[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapo-dynlist search member=value search?
Aleksander Adamowski wrote:
> Pierangelo Masarati wrote:
>>
>>> I believe that nss_ldap also does both types of search.
>> No it doesn't. It is designed check presence of user's DN in
>> well-specified groups.
> Well, on Debian 4.0 with libnss-ldap 251-7.5 I can see that it _does_
> search for memberUID:
>
> Aug 22 07:55:01 myserver slapd[3617]: conn=0 op=4719 SRCH base="o=MyOrg"
> scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=www-data))"
>
> If the www-data user would belong to any dynamic groups, nss-ldap
> wouldn't find it out.
My mistake: I was thinking of pam_ldap.
I'd like to move the discussion of the rest to openldap-devel; a
separate response follows.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------