[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dynlist and group membership (libnss-ldap, posixGroup, samba)



Felipe Augusto van de Wiel <felipe.wiel@hpp.org.br> writes:

> Thanks for replying. :-)
>
> On 20-05-2010 12:07, Dieter Kluenter wrote:
>> Felipe Augusto van de Wiel <felipe.wiel@hpp.org.br> writes:
> [...]
>>> 	The problem, is that I would expect and
>>> 'id userA' to include group 'active-samba-users'
>>> but it doesn't. But 'getent group active-samba-users'
>>> includes all the users:
>>>
>>> active-samba-users:*:999:userA,userB
>> [...]
>> 
>> modify the dynlist overlay configuration and rewrite the
>> labeledURI attribute value in order to match your
>> requirements.
>
> 	Well, that's kind of the problem, as I understood
> it, everything is just fine, the dynlist is working and
> adding the member fields as expected, the 'getent group'
> return the users equivalent to "dyngroup" and respective
> filter, but 'id' and the rest of the system, for some that
> reason that I'm obviously missing, doesn't seem the users
> as part of the group, although the group list the user in
> it. :-(

I see, so this is more a nss and pam problem than a openldap
issue. You may try the nssov overlay, see man slapo-nssov(5), although
I have no vital experience with this overlay.

-Dieter
-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6