I've come across the same problem as the original poster found
here:
http://www.openldap.org/lists/openldap-technical/200804/msg00127.html
The only reply to him indicated that his syntax was incorrect
for nisnetgrouptriple according to RFC 2307.
I cannot see how it is invalid based on the syntax definition
from RFC 2307.
My example:
dn: cn=users1,ou=Netgroup,dc=rcf,dc=foo,dc=com
objectClass: nisNetgroup
objectClass: top
cn: users1
nisNetgroupTriple: (-,asgen2m,)
nisNetgroupTriple: (-,apdons,)
nisNetgroupTriple: (-,ffeins,)
nisNetgroupTriple: (-,faullton,)
The syntax definition:
nisnetgrouptriple = "(" hostname "," username "," domainname ")"
hostname = "" / "-" / keystring
username = "" / "-" / keystring
domainname = "" / "-" / keystring
Does that not state that hostname, username, domainname
can each be ANY of:
empty
-
keystring
??