Date:      Tue, 6 Feb 2018 23:20:37 -0700 (MST)
From:      zjlinickey <ss713048@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Netgroup using LDAP in FreeBSD 11.1
Message-ID:  <1517984437871-0.post@n6.nabble.com>

Hi

We are trying to use netgroup with LDAP as the backend.
We use nss-pam-ldapd; it contains nss_ldap, pam_ldap and nslcd.
passwd and group have been implemented in nslcd, and work OK.
But nslcd looks like it does not implement the function __nss_compat_getnetgrent_r in
FreeBSD.
There is only __nss_compat_getgrent_r in libc.

I found the patch,
https://people.freebsd.org/~markj/patches/nss_ldap_netgroup.patch, but it looks
like it didn't patch to libc.
We referenced the patch and tried to implement the function
__nss_compat_getnetgrent_r;
getent netgroup <netgroup_name> looks OK.
But when a netgroup's entry contains another group, it will be wrong.
e.g.
all-users teamA teamB
teamA (,Bob,) (,Alice,)
teamB (,Eric,) (,Andy,)

Help will be greatly appreciated, as this could impact other ways our system
still needs netgroup...

My nsswitch.conf is:
group: files ldap
hosts: files dns
networks: files ldap
netgroup: ldap
passwd: files ldap
shells: files
services: compat
services_compat: files
protocols: files
rpc: files

LDAP schema is:
dn: cn=testNetgroup,ou=Netgroup,dc=mydomain,dc=com
objectClass: nisNetgroup
objectClass: top
cn: testNetgroup
nisNetgroupTriple: (,aaa,)
nisNetgroupTriple: (,bbb,)
nisNetgroupTriple: (,ccc,)

Thank you! 

Z. J. Lin
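
An added example, not part of the original message and not the code of the poster or of the referenced patch: a reference expansion of nested netgroups, showing the result a lookup of all-users should produce for the three groups in the post, with a visited set so that a group that references itself terminates. The names expand_netgroup, walk and find, the in-memory table standing in for the LDAP backend, and the "loop" entry are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the post's netgroups plus a self-referencing one. */
static const char *DB[][2] = {
    {"all-users", "teamA teamB"},
    {"teamA", "(,Bob,) (,Alice,)"},
    {"teamB", "(,Eric,) (,Andy,)"},
    {"loop", "(,Zed,) loop"},
};
enum { NDB = sizeof(DB) / sizeof(DB[0]) };
static int find(const char *name, size_t len) {
    for (int i = 0; i < NDB; i++)
        if (strlen(DB[i][0]) == len && memcmp(DB[i][0], name, len) == 0)
            return i;
    return -1;
}
/* Copy triples to out, recurse into bare member names; seen[] stops cycles. */
static int walk(int idx, int *seen, char *out, size_t outsz) {
    int n = 0;
    if (idx < 0 || seen[idx]) return 0;      /* unknown or already expanded */
    seen[idx] = 1;
    for (const char *p = DB[idx][1]; *p; p += strspn(p, " \t")) {
        size_t len = strcspn(p, *p == '(' ? ")" : " \t");
        if (*p == '(') {                     /* a (host,user,domain) triple */
            if (p[len++] != ')' || strlen(out) + len + 2 > outsz) return -1;
            if (*out) strcat(out, " ");
            strncat(out, p, len);
            n++;
        } else {                             /* a nested netgroup name */
            int r = walk(find(p, len), seen, out, outsz);
            if (r < 0) return -1;
            n += r;
        }
        p += len;
    }
    return n;
}
/* Returns the number of triples; -1 on a malformed triple or a full buffer. */
int expand_netgroup(const char *name, char *out, size_t outsz) {
    int seen[NDB] = {0};
    if (outsz == 0) return -1;
    out[0] = '\0';
    return walk(find(name, strlen(name)), seen, out, outsz);
}
int main(void) {
    char buf[128];
    printf("%d: %s\n", expand_netgroup("all-users", buf, sizeof buf), buf);
    return 0;
}
```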