Dear all,

I am trying to enable z/VM LDAP/RACF configuration to consolidate the user
administration into one directory. In principle the thing works fine;
however, I have a question regarding the right configuration:

LDAP allows for dynamic groups. Those groups are based on LDAP queries and
avoid the need to manually add/delete users in such groups.

I defined a dynamic group called "users" that would qualify all accounts
that have the attribute uid.

The memberURL is as follows:

dn: cn=users,dc=xxx
objectclass: posixGroup
objectclass: top
objectclass: ibm-dynamicGroup
cn: users
gidnumber: 100
memberurl: ldap:///dc=xxx??one?(&(objectClass=person)(uid=*))

When I log in now with a user I see the following:

$ id
uid=11002(xbilek) gid=90000(usrys) groups=90000(usrys)

but it should look like
id=11002(xbilek) gid=90000(usrys) groups=100(users), 90000(usrys)

The getent group command shows only the name of the groups but no members:

getent group users

shows only: users:x:100:

getent group usrys:
shows only: users:x:90000:

Maybe the posixGroup is not the best. Is there a howto describing the
parameters that need to be checked in ldap.conf?

Thank you very much in advance.

--
Best regards

Florian Bilek
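
How the memberurl in the group entry above decomposes into base, scope and filter (RFC 4516), and which entries such a URL selects. This is an added example, not part of the original message: the directory entries are constructed, and the evaluator is a simplified stand-in that handles only &, |, !, presence and equality filters.

```python
from urllib.parse import unquote

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL of the form ldap:///base?attrs?scope?filter."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected an ldap:/// URL without a host part")
    parts = url[len("ldap:///"):].split("?") + [""] * 4
    base, _attrs, scope, flt = (unquote(p) for p in parts[:4])
    return base, scope or "base", flt or "(objectClass=*)"

def in_scope(dn, base, scope):
    """Naive DN comparison (no escaped commas): base, one or sub."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    return scope == "sub" or "," not in dn[: -len(base) - 1]

def matches(flt, entry):
    """Evaluate a filter limited to &, |, !, presence and equality."""
    inner = flt[1:-1]
    if inner[0] in "&|!":
        subs, depth, start = [], 0, 0
        for i, ch in enumerate(inner):
            if ch == "(":
                start, depth = (i if depth == 0 else start), depth + 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    subs.append(inner[start:i + 1])
        results = [matches(s, entry) for s in subs]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[inner[0]](results)
    attr, _, value = inner.partition("=")
    values = [v.lower() for v in entry.get(attr.lower(), [])]
    return bool(values) if value == "*" else value.lower() in values

def expand(member_url, directory):
    base, scope, flt = parse_member_url(member_url)
    return sorted(dn for dn, e in directory.items()
                  if in_scope(dn, base, scope) and matches(flt, e))

MEMBER_URL = "ldap:///dc=xxx??one?(&(objectClass=person)(uid=*))"  # from the post
DIRECTORY = {  # constructed sample entries, attribute names lower-cased
    "uid=alice,dc=xxx": {"objectclass": ["person"], "uid": ["alice"]},
    "uid=bob,ou=people,dc=xxx": {"objectclass": ["person"], "uid": ["bob"]},
    "cn=carol,dc=xxx": {"objectclass": ["person"]},
    "cn=printer,dc=xxx": {"objectclass": ["device"], "uid": ["lp"]},
}
```

With scope `one`, only entries directly below the base DN are candidates; `expand(MEMBER_URL, DIRECTORY)` selects the constructed `uid=alice,dc=xxx` but not the entry one level deeper under `ou=people`.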
