Florian Manschwetus wrote:
>> Milan
>>
>> On Tue, 10. 03. 2009 at 17:34, Florian Manschwetus wrote:
>>
>>> This is exactly what I have done now, but doing a
>>> getent group linuxadmin
>>>
>>> shows me only:
>>>
>>> root@filer2:~# getent passwd fm1007
>>> fm1007:x:10023:10000002:Florian Manschwetus:/home/fm1007:/bin/bash
>>> root@filer2:~# getent group linuxadmin
>>> LinuxAdmin::1000000:
>>>

Solaris' nss_ldap module expects usernames as member (in accordance with
rfc2307bis) but AD stores DN. Example:

memberOf: CN=HimaliaAdmin,OU=SystemGroups,OU=linuxGroups,OU=Groups,DC=ntdom,DC=changed,DC=de

That's why you are not seeing the memberlist. Hopefully someone will give
you an update on whether this will be fixed or not.

--Baban

>>> On my linux machine (configured in the same way):
>>> trac:~# getent passwd fm1007
>>> fm1007:*:10023:10000002:Florian Manschwetus:/home/fm1007:/bin/bash
>>> trac:~# getent group linuxadmin
>>> LinuxAdmin:*:1000000:schnitt,fm1007,jschroed,erwin
>>>
>>>
>>> my ldap config script:
>>>
>>> cat ldapclientconfig.sh
>>> #!/bin/bash
>>> /usr/sbin/ldapclient -v manual \
>>> -a credentialLevel=self \
>>> -a authenticationMethod=sasl/GSSAPI \
>>> -a defaultSearchBase=DC=ntdom,DC=changed,DC=de \
>>> -a domainName=ntdom.changed.de \
>>> -a defaultServerList=dc1,dc2 \
>>> -a defaultSearchScope=sub \
>>> -a attributeMap=passwd:gecos=displayname \
>>> -a attributeMap=passwd:homedirectory=unixHomeDirectory \
>>> -a objectClassMap=shadow:shadowAccount=user \
>>> -a objectClassMap=group:posixGroup=group \
>>> -a objectClassMap=passwd:posixAccount=user \
>>> -a serviceSearchDescriptor=group:ou=Groups,dc=ntdom,dc=changed,dc=de?sub \
>>> -a serviceSearchDescriptor=passwd:ou=Accounts,dc=ntdom,dc=changed,dc=de?sub
>>>
>>> I really need a hint.
>>>
>>> thx,
>>> florian
>>>
>>>
>>> Julian Pullen wrote:
>>>
>>>> Florian,
>>>>
>>>> I am not on the opensolaris-discuss alias so please include me on reply.
>>>>
>>>> idmap is for mapping Solaris identities to Windows identities. It does
>>>> name based mapping. It converts SIDs, UIDs and GID to names and hence maps
>>>> a Windows name to a Solaris name.
>>>>
>>>> We currently don't have a naming backend that understands Active Directory,
>>>> but you can use the current LDAP backend if you use Windows "Identity
>>>> Management for UNIX" and some LDAP attribute mapping.
>>>> See
>>>> http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp
>>>>
>>>> Regards
>>>>
>>>> Julian
>>>>
>>>>
>>>> Florian Manschwetus wrote:
>>>>
>>>>> Our ActiveDirectory (based on 2003 R2) is extended using ServicesForUnix,
>>>>> so there are fields for numericUID, numericGID, unixhomedir, loginshell
>>>>> and so on, in short all (at least for my linux stuff) what is needed to
>>>>> define *nix users. But idmap doesn't use it, it generates new mappings
>>>>> on demand, which is not what I intended. Could someone tell me more
>>>>> detailed stuff about the fields used for mapping and what data is
>>>>> expected to be there.
>>>>> I have read a lot of the referenced documentation but nothing seems to
>>>>> really fit to my problem / setup.
>>>>>
>>>>> thanks,
>>>>> florian
>>>>>
>>>>> _______________________________________________
>>>>> opensolaris-discuss mailing list
>>>>> opensolaris-discuss at opensolaris.org
>>>>>
>
> _______________________________________________
> sparks-discuss mailing list
> sparks-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/sparks-discuss
>
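
Added example, not part of the original thread: a small Python model of the mismatch described in the reply above, where a lookup that wants login names inside the group entry finds none, while resolving each `member` DN to an account's login name yields the list. The user DNs, the escaped-comma name, the nested group member and the use of `memberUid` for in-entry login names are constructed assumptions; only the logins, group name, GID and base DN come from the thread.

```python
# Added illustration; all directory entries below are constructed sample data.

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around RDNs; keeps backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch == "\\":
            cur += ch
            escaped = not escaped and ch == "\\"
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip())
    return ",".join(rdns).lower()

BASE = "OU=Accounts,DC=ntdom,DC=changed,DC=de"
NESTED = "CN=HimaliaAdmin,OU=SystemGroups,OU=linuxGroups,OU=Groups,DC=ntdom,DC=changed,DC=de"
USERS = {  # constructed: user DN -> login name
    "CN=Florian Manschwetus," + BASE: "fm1007",
    "CN=Schnitt\\, Test," + BASE: "schnitt",
}
GROUP = {  # constructed AD-style group: members are DNs, no memberUid values
    "cn": "LinuxAdmin",
    "gidNumber": 1000000,
    "member": [
        "cn=florian manschwetus, ou=Accounts, dc=ntdom, dc=changed, dc=de",
        "CN=Schnitt\\, Test," + BASE,
        NESTED,  # a group, not a user: cannot be turned into a login name
    ],
}

def login_names_in_entry(group):
    """What a client sees if it only reads login names stored in the entry."""
    return list(group.get("memberUid", []))

def login_names_from_dns(group, users):
    """Resolve member DNs to login names; report DNs that match no user."""
    index = {normalize_dn(dn): login for dn, login in users.items()}
    names, unresolved = [], []
    for dn in group.get("member", []):
        login = index.get(normalize_dn(dn))
        (names if login else unresolved).append(login or dn)
    return names, unresolved

def getent_line(group, names, passwd_field=""):
    return f"{group['cn']}:{passwd_field}:{group['gidNumber']}:{','.join(names)}"

if __name__ == "__main__":
    print(getent_line(GROUP, login_names_in_entry(GROUP)))
    names, unresolved = login_names_from_dns(GROUP, USERS)
    print(getent_line(GROUP, names, "*"), "unresolved:", unresolved)
```

Reporting unresolved DNs instead of dropping them makes it visible when group-based access decisions are being made on an incomplete member list.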