I've come across the same problem as the original poster found here:
http://www.openldap.org/lists/openldap-technical/200804/msg00127.html
The only reply to him indicated that his syntax was incorrect for nisnetgrouptriple according to RFC 2307.
I cannot see how it is invalid based on the syntax definition from RFC 2307.
My example:
dn: cn=users1,ou=Netgroup,dc=rcf,dc=foo,dc=com objectClass: nisNetgroup objectClass: top cn: users1 nisNetgroupTriple: (-,asgen2m,) nisNetgroupTriple: (-,apdons,) nisNetgroupTriple: (-,ffeins,) nisNetgroupTriple: (-,faullton,)
The syntax definition:
nisnetgrouptriple = "(" hostname "," username "," domainname ")" hostname = "" / "-" / keystring username = "" / "-" / keystring domainname = "" / "-" / keystring
Does that not state that hostname, username, domainname can each be ANY of:
empty - keystring
??
Any guidance would be welcome!
Jeff Blaine