Nested groups


by Andreas Moroder

Hello,

I already posted a question about groups in groups.
Now I studied the code in grp.c, but I must admit I did not understand
how it works. From the comments I understand that it should be possible
to create nested groups but I don't understand how to do this in
openldap and what the result of nested groups is.

What I am searching for is a way to have groups that have groups as
member and their members ( with memberUID ) should also be seen as
member of the upper group in linux.

Can anyone please help me or tell me where I can find good documentation
( please not the RFC )

From what version on does nss_ldap support nested groups ?

Thanks
Andreas


Re: Nested groups

by Luke Howard

nss_ldap supports nested groups simply by having a group member being
a group itself. The group member must be a DN, so the uniqueMember or
member attribute would typically be used (not memberUid).

This isn't actually specified in RFC 2307.

You also need to have rfc2307bis support enabled in nss_ldap, by  
putting nss_schema rfc2307bis in ldap.conf.

-- Luke

On 15/04/2008, at 4:44 PM, Andreas Moroder wrote:

> Hello,
>
> I already posted a question about groups in groups.
> Now I studied the code in grp.c, but I must admit I did not
> understand how it works. From the comments I understand that it
> should be possible to create nested groups but I don't understand
> how to do this in openldap and what the result of nested groups is.
>
> What I am searching for is a way to have groups that have groups as
> member and their members ( with memberUID ) should also be seen as  
> member of the upper group in linux.
>
> Can anyone please help me or tell me where I can find good  
> documentation  ( please not the RFC )
>
> From what version on does nss_ldap support nested groups ?
>
> Thanks
> Andreas
>
>

--
www.padl.com | www.fghr.net


Re: Nested groups

by Andreas Moroder

Luke Howard wrote:

> nss_ldap supports nested groups simply by having a group member being a
> group itself. The group member must be a DN, so the uniqueMember or
> member attribute would typically be used (not memberUid).
>
> This isn't actually specified in RFC 2307.
>
> You also need to have rfc2307bis support enabled in nss_ldap, by putting
> nss_schema rfc2307bis in ldap.conf.
>
> -- Luke
>
Hello,


in slapo.conf I have added this line
nss_map_attribute uniqueMember member

and restarted the openldap server

Then I imported this object

dn: cn=atest, ou=groups, dc=sb-brixen,dc=it
gidNumber: 987
member:    cn=informatik, ou=groups, dc=sb-brixen,dc=it
userPassword:: e2NyeXB0fXg=
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
description: atest
cn: atest

I restarted nscd too

The user amoroder ( me ) is member of the group informatik ( and other
groups )

Now I tried with "id amoroder".
I get as result all the groups I am member of, but not the group atest(987).

What is wrong here? Are my assumptions wrong that amoroder should also
become member of the group at because "informatik" is member of atest ?

Thanks
Andreas
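
The nested-membership semantics discussed in this thread (a group's member value is the DN of another group, and that group's memberUid values count as members of the outer group) can be sketched as follows. This is an added example, not nss_ldap code and not part of any post; the informatik entry, its gidNumber, the loop back to atest and the function names are constructed for illustration.

```python
# Added illustration; not nss_ldap code. Entries are constructed sample data.
DIRECTORY = {
    # The atest entry from the last post (DN whitespace normalised).
    "cn=atest,ou=groups,dc=sb-brixen,dc=it": {
        "gidNumber": 987,
        "member": ["cn=informatik, ou=groups, dc=sb-brixen,dc=it"],
        "memberUid": [],
    },
    # Constructed: the thread does not show this entry or its gidNumber.
    "cn=informatik,ou=groups,dc=sb-brixen,dc=it": {
        "gidNumber": 1000,
        "member": ["cn=atest,ou=groups,dc=sb-brixen,dc=it"],  # deliberate loop
        "memberUid": ["amoroder"],
    },
}

def normalise_dn(dn):
    """Lower-case and strip spaces around RDN separators (simplified: no escapes)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def expand_members(group_dn, directory, max_depth=8):
    """Return the user names that are direct or nested members of group_dn."""
    users, seen = set(), set()
    stack = [(normalise_dn(group_dn), 0)]
    while stack:
        dn, depth = stack.pop()
        if dn in seen or depth > max_depth:
            continue  # loop guard and depth limit: groups may reference each other
        seen.add(dn)
        entry = directory.get(dn)
        if entry is None:
            continue  # DN is not a known group (e.g. a user DN); skipped in this sketch
        users.update(entry.get("memberUid", []))
        for member_dn in entry.get("member", []):
            stack.append((normalise_dn(member_dn), depth + 1))
    return users

def groups_of(user, directory):
    """gidNumbers of every group containing user directly or through nesting."""
    return sorted(entry["gidNumber"] for dn, entry in directory.items()
                  if user in expand_members(dn, directory))

if __name__ == "__main__":
    print(groups_of("amoroder", DIRECTORY))
```

Because membership decides file and sudo access, the loop guard and depth limit matter: a circular group reference must neither hang the lookup nor silently widen who is treated as a member.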