[389-users] Nested groups ldap to PAM
Rich Megginson
rmeggins at redhat.com
Mon Dec 10 22:44:31 UTC 2012
On 12/10/2012 03:24 PM, Deas, Jim wrote:
>
> Fedora-DS is what I am currently using.
>
So if you have a group like this:
cn=group1,...
member: uid=foo,...
cn=group2,...
member: uid=bar,...
member: cn=group1,...
And your client queries group2, you want your client to see
member: uid=foo,...
member: uid=bar,...
without having to read member: cn=group1 and explicitly expand it?
389/Fedora DS can't do this.
> -----Original Message-----
> *From:* Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Monday, December 10, 2012 1:56 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Deas, Jim
> *Subject:* Re: [389-users] Nested groups ldap to PAM
>
> On 12/10/2012 02:29 PM, Deas, Jim wrote:
>
> I am about to upgrade our systems to the current version. One of my
> difficulty’s in the old version was the lack of nested groups.
>
> Is there a way with the current software to create nested groups in
> openldap
>
>
> Not sure what you mean by "in openldap". Are you using 389 or
> openldap server?
>
>
> that will be seen properly by the linux PAM module and Mac OSX?
>
> Regards,
>
> JD
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20121210/06ab1ec8/attachment.html>
More information about the 389-users
mailing list