Date: Tue, 6 Feb 2018 23:20:37 -0700 (MST) From: zjlinickey <ss713048@gmail.com> To: freebsd-net@freebsd.org Subject: Netgroup using LDAP in FreeBSD 11.1 Message-ID: <1517984437871-0.post@n6.nabble.com>
next in thread | raw e-mail | index | archive | help
Hi We try to use netgroup and backend is LDAP. We use nss-pam-ldapd, it contains nss_ldap, pam_ldap and nslcd. passwd and group have been impelemented in nslcd, and work ok. But nslcd looks like not impelement function __nss_compat_getnetgrent_r in FreeBSD. There in only __nss_compat_getgrent_r in libc. I found the patch, https://people.freebsd.org/~markj/patches/nss_ldap_netgroup.patch, but looks like it didn't patch to libc. We reference the patch and try to impelement the function __nss_compat_getnetgrent_r, getent netgroup <netgroup_name> looks like ok. But when netgroup's entry contain another group, it will be wrong. e.g. all-users teamA teamB teamA (,Bob,) (,Alice,) teamB (,Eric,) (,Andy,) Help will be greatly appreciated, as this could impact other ways our system still need netgroup... My nsswitch.conf is: group: files ldap hosts: files dns networks: files ldap netgroup: ldap passwd: files ldap shells: files services: compat services_compat: files protocols: files rpc: files LDAP schema is: dn: cn=testNetgroup,ou=Netgroup,dc=mydomain,dc=com objectClass: nisNetgroup objectClass: top cn: testNetgroup nisNetgroupTriple: (,aaa,) nisNetgroupTriple: (,bbb,) nisNetgroupTriple: (,ccc,) Thank you! Z. J. Lin -- Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1517984437871-0.post>