nss_ldap supports nested groups simply by having a group member being
a group itself. The group member must be a DN, so the uniqueMember or
member attribute would typically be used (not memberUid).
This isn't actually specified in RFC 2307.
You also need to have rfc2307bis support enabled in nss_ldap, by
putting nss_schema rfc2307bis in ldap.conf.
-- Luke
On 15/04/2008, at 4:44 PM, Andreas Moroder wrote:
> Hello,
>
> I already posted a question about groups in groups.
> Now I studied the code in grp.c, but I must admit I did not
> understand how it works. From the comments I understand that it
> should be possible to create nested groups but I don't understand
> how to do this in OpenLDAP and what the result of nested groups is.
>
> What I am searching for is a way to have groups that have groups as
> members and their members ( with memberUID ) should also be seen as
> members of the upper group in linux.
>
> Can anyone please help me or tell me where I can find good
> documentation ( please not the RFC )
>
> From what version on does nss_ldap support nested groups ?
>
> Thanks
> Andreas
>
>
--
www.padl.com | www.fghr.net
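
An added illustration (not part of the original message and not nss_ldap's code) of the flattened membership to expect, and to audit, when a group's DN-valued member attribute points at another group. The directory contents, all names, the use of gidNumber to recognise a group, and counting memberUid values found in nested groups are assumptions of this sketch.

```python
# Constructed sample directory (DN -> attributes); every entry is hypothetical.
BASE = "dc=example,dc=com"
DIRECTORY = {
    f"uid=alice,ou=people,{BASE}": {"uid": ["alice"]},
    f"uid=bob,ou=people,{BASE}": {"uid": ["bob"]},
    f"cn=dev,ou=groups,{BASE}": {
        "gidNumber": ["2001"],
        "memberUid": ["carol"],                    # plain name, not a DN
        "member": [f"uid=alice,ou=people,{BASE}"],
    },
    f"cn=ops,ou=groups,{BASE}": {
        "gidNumber": ["2002"],
        "member": [f"uid=bob,ou=people,{BASE}",
                   f"cn=staff,ou=groups,{BASE}"],  # cycle back to the parent
    },
    f"cn=staff,ou=groups,{BASE}": {
        "gidNumber": ["2000"],
        "member": [f"cn=dev,ou=groups,{BASE}",     # nested group
                   f"cn=ops,ou=groups,{BASE}",     # nested group
                   f"uid=ghost,ou=people,{BASE}"], # dangling DN
    },
}

def norm(dn):
    # Simplified DN comparison: case-insensitive, spaces around commas ignored.
    return ",".join(part.strip() for part in dn.lower().split(","))

def effective_members(group_dn, directory, max_depth=8):
    """Return (sorted user names, sorted unresolved DNs) for one group."""
    index = {norm(dn): entry for dn, entry in directory.items()}
    users, unresolved, seen = set(), set(), set()
    stack = [(group_dn, 0)]
    while stack:
        dn, depth = stack.pop()
        key = norm(dn)
        if key in seen:
            continue                    # already expanded: breaks cycles
        seen.add(key)
        entry = index.get(key)
        if entry is None or depth > max_depth:
            unresolved.add(dn)          # missing entry or nesting too deep
        elif "gidNumber" in entry:      # assumption: gidNumber marks a group
            users.update(entry.get("memberUid", []))
            stack.extend((m, depth + 1) for m in entry.get("member", []))
        else:
            users.update(entry.get("uid", []))
    return sorted(users), sorted(unresolved)

if __name__ == "__main__":
    print(effective_members(f"cn=staff,ou=groups,{BASE}", DIRECTORY))
```

Comparing this flattened list with what `getent group` reports on a client is a quick way to spot members that nesting grants unintentionally.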