vip43@mail.ru wrote:
Yes i mean nested groups, ...and IT WORK ! just because of 'member'-attribute, - just add it to 'posixGroup'-objectclass ,and you can add members like this:
There's no doubt that you can store nested groups in your OpenLDAP database. But the question is whether any LDAP client used (e.g. nss_ldap) evaluates the nested grouping. posixGroup was at first meant for something like nss_ldap.
where IT is another posixGroup, As result - members of IT-group becomes to 'Domain Admins' I told you - it must works, you try, i'm already tested with Samba acl shares (and my Samba looking for Ldap)
It might work with Samba but may not work with other LDAP clients you're using. You have to check that.
Ciao, Michael.