> Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis. Just to clarify, then, are you saying that if I use RFC2307bis so that I can define a group that built from object classes posixGroup and groupOfNames, and I define the membership of that group using the groupOfNames member attribute then a Linux system configured to use LDAP will resolve a user's account name to their full DN for matching against that group? Are nested groups supported?
If that is the case, where can I find documentation for this, please? Regards Philip On 24 February 2014 14:27, Howard Chu <h...@symas.com> wrote: > Philip Colmer wrote: >> >> This was an area where I also got stuck when researching this last year. >> My >> conclusions were: >> >> 1. UNIX needs group membership to be UIDs and not DNs, so attempts to use >> a >> class that defines members with DNs are likely to fail. > > > Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/