On Thu, 8 Apr 2010, alois blasbichler wrote:
Hello list
We use our Openldap with a lot of applications like apache, squid, samba ...
What for us whould be very usefull is to define in ldap groups with users and other groups therin.
Is this possible in Ldap or maybe with the nss-module ?
It is, although you should search for nss documentation, not openldap. Anyway search for uniqueMember and memberOf attributes. Commands like "members" and "getent" will be helpful in diagnostics. In older versions of libnss ( dunno which version you have ), there was an issue regarding to order of nsswitch line , the difference between
"group: ldap files" and "group: files ldap"
Whole stuff also generates other issues, conceptually, like recursive loops in nested groups and similar. But it works anyway.
Regards, DT