On 14.11.12, Jean-Francois Saucier  <jsauc...@gmail.com> wrote:
> Hi everyone,
> 
> I just installed 389-ds on Fedora and have a problem with Solaris clients.
> 
> Everything works well on the Linux side (Fedora, CentOS and RHEL clients 
> work fine).
> 
> On the Solaris side, I got everything to work too (pam, ssh, getent passwd, 
> getent group, ldaplist -l passwd, ldaplist -l group, etc). I used the native 
> Solaris ldapclient tool to make everything work.
> 
> 
> The problem I have is with the Group attribute. In 389-ds, the groups are 
> created with the objectClass "groupofuniquenames" and the members are listed 
> with the attribute "uniqueMember". I manually add the objectClass 
> "posixgroup" to allow the group to be visible on the client.
> 
> 
> With this configuration, everything works fine in Linux. In Solaris, I can see 
> the group with "getent group" but there are no members. What I have found is 
> that Solaris needs its members to be in the "memberUid" attribute and not in 
> the "uniqueMember" attribute.
> 
memberUid is standard for posixGroups and works for Linux clients too.

> 
> 
> 
> Also, I found that while uniqueMember requires a full qualification 
> (uid=jeff,ou=people,dc=test,dc=com), the memberUid just requires the uid 
> (jeff).
> 
> 
> What should I do to make this work easily on Solaris? Adding the memberUid by 
> hand is not an option because it's sure there will be a difference between 
> the uniqueMember and memberUid list at some point in time.
> 
How do you add uniqueMember? If you want to continue to maintain uniqueMember then 
you have the following options:
- try to use winbind of Samba on the Solaris client to resolve the groups
- map uniqueMember to memberUid with a script in your preferred scripting 
language
- in an AD - DS replication setup there is logic which maps 
uniquemember to memberUid automatically. This can also be triggered via a task. 

> 
> 
> 
> 
> Thank you!
> 
> -- 
> Jean-Francois Saucier (djf_jeff)
> GPG key : 0xA9E6E953
> 
Regards
--
Carsten Grzemba
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
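
The second option in the reply above (mapping uniqueMember to memberUid with a script), as an added Python example that is not part of the original thread. It assumes the group entries are available as unfolded, non-base64 LDIF (for example from an ldapsearch dump); the sample entries and all function names are constructed for illustration. Stale memberUid values are deleted as well as missing ones added, so a user removed from uniqueMember does not keep group access on Solaris.

```python
import re

# Constructed sample: group entries as an ldapsearch-style dump (not from the thread).
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=test,dc=com
objectClass: groupOfUniqueNames
objectClass: posixGroup
uniqueMember: uid=jeff,ou=people,dc=test,dc=com
uniqueMember: UID=anna\\,b,ou=people,dc=test,dc=com
uniqueMember: cn=svc-backup,ou=services,dc=test,dc=com
memberUid: jeff
memberUid: olduser
"""

def parse_entries(ldif):
    """Parse simple unfolded LDIF into (dn, {attr_lower: [values]}) pairs."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries.append((attrs["dn"][0], attrs))
    return entries

def uid_from_dn(dn):
    """Return the uid if the first RDN is uid=..., else None. Honors '\\,' escapes."""
    m = re.match(r"(?i)uid=((?:\\.|[^,\\])+)", dn.strip())
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def sync_ldif(ldif):
    """Emit LDIF modify records that make memberUid match uniqueMember."""
    out = []
    for dn, attrs in parse_entries(ldif):
        # Members whose first RDN is not uid (e.g. cn=...) have no POSIX name; skip them.
        wanted = {u for u in map(uid_from_dn, attrs.get("uniquemember", [])) if u}
        have = set(attrs.get("memberuid", []))
        ops = [("add", u) for u in sorted(wanted - have)]
        ops += [("delete", u) for u in sorted(have - wanted)]  # stale members
        if ops:
            body = "\n-\n".join(f"{op}: memberUid\nmemberUid: {u}" for op, u in ops)
            out.append(f"dn: {dn}\nchangetype: modify\n{body}\n-\n")
    return "\n".join(out)

if __name__ == "__main__":
    print(sync_ldif(SAMPLE_LDIF))
```

The output is LDIF in `changetype: modify` form, which can be reviewed before it is applied with ldapmodify.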