On Thursday 12 June 2008 15:45:22 Doug Grantham wrote:
dn: cn=AAA,ou=group,dc=mydomain,dc=edu cn: AAA gidNumber: 601 member: uid=USER1,ou=people,dc=mydomain,dc=edu member: uid=USER2,ou=people,dc=mydomain,dc=edu member: uid=USER3,ou=people,dc=mydomain,dc=edu objectClass: top objectClass: posixGroup objectClass: groupofnames
dn: cn=BBB,ou=group,dc=mydomain,dc=edu cn: BBB gidNumber: 602 member: uid=USER1,ou=people,dc=mydomain,dc=edu member: uid=USER3,ou=people,dc=mydomain,dc=edu objectClass: top objectClass: posixGroup objectClass: groupofnames
dn: cn=CCC,ou=group,dc=mydomain,dc=edu cn: CCC gidNumber: 603 member: uid=USER1,ou=people,dc=mydomain,dc=edu member: uid=USER2,ou=people,dc=mydomain,dc=edu member: uid=USER4,ou=people,dc=mydomain,dc=edu objectClass: top objectClass: posixGroup objectClass: groupofnames
This has been a really weird problem. The default groups are getting properly set but none of the other memberships are working. I've not found any help online and I'm pulling my hair out!
You are using rfc2307nis groups, I know the Solaris LDAP client doesn't use them by default. I don't see any information in the ldapclient man page regarding using DN-valued attributes for group membership.
For now, the best option may be to write a simple script which retrieves the member attributes, then retrieves the uid attribute for the member DNs, and populates them into the memberUid attribute for the group.
The autogroup module in contrib in 2.4 *may* be able to help you here (I haven't looked in detail).
Regards, Buchan