SUMMARY: netgroups not working with LDAP

From: Willi Burmeister <wib_at_informatik.uni-kiel.de>
Date: Fri Aug 12 2011 - 00:48:57 EDT
Hi all,

netgroups are indeed working with LDAP. A wrong attribute was the cause 
of our problems.

Our LDAP entry looked like this:

  dn: cn=sodom,ou=netgroup,dc=informatik,dc=uni-kiel,dc=de                                                                               
         cn: sodom                                                                                                                       
         nisNetgroupTriple: (-,ingres,)                                                                                                  
         nisNetgroupTriple: (-,tomcat,)                                                                                                  
         nisNetgroupTriple: rbg          <-----                                                                                          
         objectClass: top
         objectClass: nisNetgroup

A correct entry has to be

dn: cn=sodom,ou=netgroup,dc=informatik,dc=uni-kiel,dc=de
       cn: sodom
       nisNetgroupTriple: (-,ingres,)
       nisNetgroupTriple: (-,tomcat,)
       memberNisNetgroup: rbg            <-----
       objectClass: top
       objectClass: nisNetgroup

Thanks to Tim Wright for finding the bug.

After correcting this I could login fine and the ldap logfiles shows recursive
requests as expected.

My apologies to Milan Jurik thinking his code could have a bug :-))

The lesson learned (again) is always look twice and then ask somebody
else to look too. 

Btw. ldapaddent only works on a configured ldap client. This is
not the case for our main nameserver. So I had to write something
myself. Always error-prone :-()

Thanks to all for the assistance, especially:

From: Rob De Langhe <rob.de.langhe@twistfare.be>                                                                                           
From: Rachel Polanskis <grove@zeta.org.au>
From: Sal Serafino <serafino@cshl.edu>
From: Milan Jurik <milan.jurik@oracle.com>
From: Tim Wright <tim.dormouse@gmail.com>


Greetings

Willi
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Aug 12 00:49:27 2011

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:18 EST