Always the way - the LDAP enabled app/hardware falls one inch short of doing what you need ...

In this case a Juniper VPN box which I need to check LDAP netgroup membership for access control but it doesn't quite understand netgroups. The

nisnetgrouptriple=(,username,)

format is the stumbling block as I need just the username. I was looking at creating a dynamic group on the LDAP server itself to contain the same usernames as in the netgroup but in a simple format the VPN box could query. Anybody have an idea how to do this with dynamic groups? Essentially, I need a query to turn this:

cn=netgroup1 nisnetgrouptriple=(,user1,) nisnetgrouptriple=(,user2,)

into something like this:

cn=dynamic-group1 uniquemember=user1 uniquemember=user2

PK

-- Philip Kime NOPS Systems Architect 310 401 0407