Rochette_Jean-Louis@emc.com wrote:
Hi Howard, thank you for your answer, though I found it severe and not very constructive.
Our purpose is to deliver an LDAP implementation that complies strictly with the existing specs; that's the only way to guarantee interoperability. Altering the files we bundle to be non-compliant with the published specs is always a bad idea. If you find that some schema is deficient, as is the case with the RFC2307/NIS schema, the correct solution is to fix the spec first.
I finally found the solution at: http://www.openldap.org/lists/openldap-software/200501/msg00309.html Since people have been having problems with this case for at least 2 years now, I think it's worth to put the solution in this ITS entry: To allow searching for netgroups by triple, possibly using wildcards, you have to change the nis.schema which comes with openldap as follows: attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # EQUALITY and SUBSTR directives added, SYNTAX changed. Jean-Louis.