Hi, 2009/3/12 Dave Ewart <da...@ceu.ox.ac.uk>: > On Wednesday, 11.03.2009 at 22:01 +0100, Martin wrote: > >> OK I Managed to get at least group memberships (somehow working): >> >> # getent group testers users; id john.doe >> testers:*:5001:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name >> users:*:5000:cn=Dummy,uid=john.doe,ou=People,dc=marcher,dc=name >> uid=1000(john.doe) gid=5000(users) groups=5000(users) >> >> now, why doesn't it work so that I just have john.doe as a member but >> instead the full DN of the ldap object? > > Your 'cn=testers' entry includes the full DN, so that's what gets > returned.
Well that is somewhat "on purpose" the goal of the project is to only have to maintain groups like this: dn: cn=testers,ou=Group,dc=marcher,dc=name objectClass: groupOfNames objectClass: posixGroup objectClass: top cn: testers gidNumber: 5001 member: uid=john.doe,ou=People,dc=marcher,dc=name (mind the "member" attribute) with rfc2307bis posixGroup is auxilliary and libnss-ldap should be able to handle that. I just can't figure out how :( /martin -- http://soup.alt.delete.co.at http://www.xing.com/profile/Martin_Marcher http://www.linkedin.com/in/martinmarcher You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you. Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
