Aleksander Adamowski wrote:
> Pierangelo Masarati wrote:
>>
>>> I believe that nss_ldap also does both types of search.
>> No it doesn't. It is designed to check presence of user's DN in
>> well-specified groups.
> Well, on Debian 4.0 with libnss-ldap 251-7.5 I can see that it _does_
> search for memberUID:
>
> Aug 22 07:55:01 myserver slapd[3617]: conn=0 op=4719 SRCH base="o=MyOrg"
> scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=www-data))"
>
> If the www-data user would belong to any dynamic groups, nss-ldap
> wouldn't find it out.

My mistake: I was thinking of pam_ldap. I'd like to move the discussion of the rest to openldap-devel; a separate response follows.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
