Thanks in advance for any answers to this query, and thanks to the geniuses who wrote and maintain OpenLDAP.
I have OpenLDAP running on my Ubuntu Intrepid server. I have installed the various PAM and NSS bits and pieces to allow integrated authentication. I can now use users and groups stored in LDAP database to do shell logins, permission files and authenticate Apache secure connections (hooray!). It also is set up so that Unix user accounts and groups still function outside of LDAP as expected.
However, there is one quirk to this. I can make LDAP users members of Unix groups and this works fine. I cannot however do the equivalent: make Unix users working members of LDAP groups. I can put them in the groups, but the system command "id -nG" does not list the LDAP groups and the filesystem fails to pick up the permissions.
Is this behaviour by design? Can the relevant modules be configured to allow LDAP groups have Unix users as members?