Justin Edmands wrote:
> Thank god you got that off of your chest. the solution is:

And OpenLDAP actually has a knowledgeable community that responds to posts,
and gives correct answers.

> ldap_group_member = memberUid

You should look into switching to RFC2307bis; using non-DNs for references
within an LDAP directory is a really bad idea.

> ldap_group_search_base = ou=Group,dc=mysite,dc=com
> after flushing cache, the clients see the proper groups.

That should concern you too. You're now knowingly relying on a caching
mechanism that serves stale data for your systems' base security. You should
look into using OpenLDAP nssov+pcache instead; pcache has active cache refresh
among other things so you don't need to restart or flush anything to keep your
system security up to date.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
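
An added example, not part of the original thread: a small audit that shows why the bare names in `memberUid` are fragile compared with the DN-valued `member` attribute of RFC2307bis. It resolves each `memberUid` against the user entries and separates names that map to exactly one DN from names that match several entries or none. The LDIF is constructed sample data; `ou=People`, `ou=Contractors` and the function names are assumptions.

```python
from collections import defaultdict
# Constructed sample directory, not from the post; ou=People and ou=Contractors are assumed.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=mysite,dc=com
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=People,dc=mysite,dc=com
objectClass: posixAccount
uid: bob

dn: uid=bob,ou=Contractors,dc=mysite,dc=com
objectClass: posixAccount
uid: bob

dn: cn=admins,ou=Group,dc=mysite,dc=com
objectClass: posixGroup
memberUid: alice
memberUid: bob
memberUid: carol
"""

def parse_ldif(text):
    # Minimal reader: assumes unfolded "attr: value" lines, blank line between entries.
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append(attrs := defaultdict(list))
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs[name.lower()].append(value)
    return entries

def audit_groups(entries):
    # Index user DNs by uid, then classify every memberUid of every posixGroup.
    by_uid, report = defaultdict(list), {}
    for e in entries:
        if "posixAccount" in e["objectclass"]:
            by_uid[e["uid"][0]].append(e["dn"][0])
    for e in entries:
        if "posixGroup" in e["objectclass"]:
            r = report[e["dn"][0]] = {"member": [], "ambiguous": {}, "dangling": []}
            for uid in e["memberuid"]:
                dns = by_uid.get(uid, [])
                if len(dns) == 1:
                    r["member"].append(dns[0])   # can be written as member: <DN>
                elif dns:
                    r["ambiguous"][uid] = dns    # one name, several entries
                else:
                    r["dangling"].append(uid)    # name matches no entry
    return report
```

Calling `audit_groups(parse_ldif(SAMPLE_LDIF))` reports `alice` as convertible, `bob` as ambiguous and `carol` as dangling; the last two need a decision by an administrator before the group can be expressed with DNs.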