Arthur de Jong wrote:
On Thu, 2008-05-08 at 08:43 +0200, Bas van der Vlies wrote:
I have found the problem. I am using 'memberNisNetgroup' attribute. If I use the 'nisNetgroupTriple' attribute it is working. In NIS you can specify groups and triples to nisnetgroup. So the padl nss-ldap library handles this correctly and nss-ldapd/netgroup utility only parses the 'nisNetgroupTriple' attribute.

Actually, the way I read rfc2307, a nisNetgroup object has the following
possible member-like attributes:
  nisNetgroupTriple
    which may only contain (user, host, domain) triples
  memberNisNetgroup
    which contain references to other netgroups that are a part of this
    netgroup
nss-ldapd should parse entries like this. So having triples in the
memberNisNetgroup attribute isn't supported.

If you also have the triples in the memberNisNetgroup (and you really
want to keep that), you could add
  map netgroup nisNetgroupTriple memberNisNetgroup
to /etc/nss-ldapd.conf. This is a bit of a hack and not really
recommended. It's better to fix the contents of the directory.

This setup may give you warnings about unparseable triples (where
references to other netgroups are entered) and will result in more LDAP
lookups than you would expect (for each triplet it will also try a
lookup as netgroup).

Arthur,

Thanks for the explanation. I have ported memberNisNetgroup to nisNetgroupTriple. In NIS you can mix those and I did not read the RFCs, and libnss-ldap is also misleading in that it supports this setup.

regards


--
********************************************************************
*                                                                  *
*  Bas van der Vlies                     e-mail: [EMAIL PROTECTED]      *
*  SARA - Academic Computing Services    phone:  +31 20 592 8012   *
*  Kruislaan 415                         fax:    +31 20 6683167    *
*  1098 SJ Amsterdam                                               *
*                                                                  *
********************************************************************
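
The directory fix discussed in this thread can be checked before switching to nss-ldapd. The following is an added example, not part of the original messages and not nss-ldapd code: it audits nisNetgroup entries for triples stored in memberNisNetgroup and for non-triples stored in nisNetgroupTriple. The LDIF, DNs and the function names are constructed for illustration.

```python
import re

# Constructed sample LDIF (not from the thread): "admins" wrongly keeps a
# triple in memberNisNetgroup, the situation the thread describes.
SAMPLE_LDIF = """\
dn: cn=admins,ou=netgroup,dc=example,dc=org
objectClass: nisNetgroup
cn: admins
memberNisNetgroup: (host1,alice,example.org)
memberNisNetgroup: operators
nisNetgroupTriple: (host2,bob,example.org)

dn: cn=operators,ou=netgroup,dc=example,dc=org
objectClass: nisNetgroup
cn: operators
nisNetgroupTriple: (,carol,)
"""

# A triple is three comma-separated fields in parentheses; any field may be empty.
TRIPLE_RE = re.compile(
    r"^\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)$")

def parse_ldif(text):
    """Minimal parser: plain 'attr: value' lines, blank line between entries.
    Folded lines and base64 ('attr:: value') values are not handled."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_netgroups(entries):
    """Return (dn, attribute, value, problem) for values in the wrong attribute."""
    findings = []
    for e in entries:
        if "nisNetgroup" not in e.get("objectclass", []):
            continue
        dn = e["dn"][0]
        for v in e.get("membernisnetgroup", []):
            if TRIPLE_RE.match(v):
                findings.append((dn, "memberNisNetgroup", v,
                                 "triple; move to nisNetgroupTriple"))
        for v in e.get("nisnetgrouptriple", []):
            if not TRIPLE_RE.match(v):
                findings.append((dn, "nisNetgroupTriple", v, "not a triple"))
    return findings

if __name__ == "__main__":
    for finding in audit_netgroups(parse_ldif(SAMPLE_LDIF)):
        print(*finding, sep=" | ")
```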


