Hi All,
Versions of my software are : OpenLDAP 2.2.13-7.4E Samba : 3.0.10-1.4E.11
I am a newbie trying to implement nested groups for openLDAP. Does the above version of OpenLDAP support nested groups ?
I have been trying multiple ways to implement nested groups
(1) As per my understanding, I could add sids of the subgroups as value of sambSIDList My ldif file : dn: cn=PDM,ou=Groups,dc=example,dc=com cn: PDM objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 625 sambaSid: S-1-5-21-3782130030-2455357663-1162092550-626 sambaGroupType: 2 sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-620 <-- another group entry sambaSIDList: S-1-5-21-3782130030-2455357663-1162092550-622 <- another group entry
This does not work for me. I read somewhere that this just works for local groups and not domain groups which all of the above groups are.
(2) Another idea was to edit the nis.schema and include "member" attribute in posixGroup, which can take other group entries as members. My ldif file is: dn: cn=LKM2,ou=Groups,dc=example,dc=com cn: LKM2 objectClass: posixGroup objectClass: sambaGroupMapping objectClass: top gidNumber: 6099 sambaSid: S-1-5-21-3782130030-2455357663-1162092550-6090 sambaGroupType: 5 displayName: example member: cn=LKM,ou=groups,dc=example,dc=com member: cn=ken1,ou=People, dc=example,dc=com
Even this did not work.
Am I missing something? Do let me know if I should post output of something else also. Thanks in advance.
Apologies if I posted this twice. Rgds, Utsav
openldap-technical@openldap.org