Sorry for the late response.
Yes, it resolves the DN properly along with secondary groups.
[psundaram@ldap02 ~]$ id psundaram
uid=2100(psundaram) gid=1000(staff) groups=1050(people),2000(admins),1000(staff)
I will test the mapping attribute in a week or so.
-Prashanth
On Thu, 2010-05-06 at 14:45 -0400, Prashanth Sundaram wrote:
I got around this by changing the ldap.conf.
pam_filter objectclass=posixAccount
pam_member_attribute uniquemember
I haven't tested this but you can also map the memberuid and memberof
to uniqueMember. So the nss_ldap checks the uniquemember value every
time.
nss_map_attribute memberuid uniqueMember
nss_map_attribute member uniqueMember
My Group looks like this.
dn: cn=GROUP1,ou=Group,dc=DOMAIN,dc=COM
objectClass: groupOfUniqueNames
objectClass: posixGroup
objectClass: top
gidNumber: 3300
uniqueMember: uid=userid1,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid2,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid3,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid4,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid5,ou=People,dc=DOMAIN,dc=COM
<snip>
Does getent properly handle the DN? I may be wrong but I thought I tried
this and it failed. I could easily have messed up due to my ignorance.
Thanks - John
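
A way to check the question this thread turns on, whether the DN-valued uniqueMember entries come out of NSS as login names, added here as an example and not part of either message. It compares an LDIF group entry with a `getent group` line. The `getent` line is constructed sample output, the function names are hypothetical, and the script assumes plain (non-base64) LDIF values and member DNs whose leftmost RDN is `uid=<login>`, as in the entry above.

```python
import re

# Group entry in the shape shown in the thread (shortened to three members).
LDIF = """\
dn: cn=GROUP1,ou=Group,dc=DOMAIN,dc=COM
objectClass: groupOfUniqueNames
objectClass: posixGroup
gidNumber: 3300
uniqueMember: uid=userid1,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid2,ou=People,dc=DOMAIN,dc=COM
uniqueMember: uid=userid3,ou=People,dc=DOMAIN,dc=COM
"""
# Constructed `getent group GROUP1` output in which one member did not resolve.
GETENT_LINE = "GROUP1:*:3300:userid1,userid2"

def first_rdn(dn, attr):
    """Value of the leftmost RDN if its type is `attr`, else None."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # split on unescaped comma
    key, _, value = rdn.partition("=")
    return value.strip() if key.strip().lower() == attr else None

def parse_group(ldif):
    """Return (cn, gidNumber, [logins]) for one LDIF group entry."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folds long lines with a leading space
    cn, gid, logins = None, None, []
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            cn = first_rdn(value, "cn")
        elif attr == "gidnumber":
            gid = int(value)
        elif attr == "uniquemember":
            login = first_rdn(value, "uid")
            if login is None:
                raise ValueError(f"member DN without a uid RDN: {value}")
            logins.append(login)
    return cn, gid, logins

def compare(ldif, getent_line):
    """Report members present in the directory entry but absent from NSS, and the reverse."""
    cn, gid, ldap_members = parse_group(ldif)
    name, _pw, nss_gid, members = getent_line.strip().split(":", 3)
    nss_members = [m for m in members.split(",") if m]
    return {"name_match": name == cn, "gid_match": int(nss_gid) == gid,
            "missing_in_nss": sorted(set(ldap_members) - set(nss_members)),
            "only_in_nss": sorted(set(nss_members) - set(ldap_members))}

if __name__ == "__main__":
    print(compare(LDIF, GETENT_LINE))
```

A non-empty `missing_in_nss` means the host is granting fewer memberships than the directory holds; a non-empty `only_in_nss` means the host sees members the entry's uniqueMember values do not account for.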