[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-dynlist search member=value search?



Aleksander Adamowski wrote:
> Pierangelo Masarati wrote:
>>
>>> I believe that nss_ldap also does both types of search.
>> No it doesn't.  It is designed check presence of user's DN in
>> well-specified groups.
> Well, on Debian 4.0 with libnss-ldap 251-7.5 I can see that it _does_
> search for memberUID:
> 
> Aug 22 07:55:01 myserver slapd[3617]: conn=0 op=4719 SRCH base="o=MyOrg"
> scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=www-data))"
> 
> If the www-data user would belong to any dynamic groups, nss-ldap
> wouldn't find it out.

My mistake: I was thinking of pam_ldap.

I'd like to move the discussion of the rest to openldap-devel; a
separate response follows.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------