Quanah Gibson-Mount wrote:
--On Wednesday, February 10, 2016 9:50 AM +0000 Miltos Tereres
<[email protected]> wrote:
The problem is that this doesn't work if the user values are in a nested
group, it only works if the users are in my main group (xv64ut09).
I would guess that linux / sssd can support this type of nesting. Is
there a change that needs to be done from the ldap server side, in the
schema, or maybe something else that I have missed? I am using the
rfc2307bis...
There is nothing in the server or in the LDAP protocol that supports nested
groups. As such, it is the client's responsibility to process them if it wants
them. So you need to look into sssd's documentation.
I'm not clear what you mean by nested group? Do you mean another group that's
a child entry of the parent? If so, then no, your filter wouldn't work for
that. It is clearly only looking at users that specifically are members of
the xv64ut09 group.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
