John Jasen wrote:
> [3] You will need to map lookups on your client systems, /etc/ldap.conf
> on linux; ldapclientconfig (I think) on Solaris. I can send you examples
> when I get back to work.
>
Did you get group membership resolution working using RFC 2307 or 2307bis? I've run into a problem with Solaris 10 only supporting RFC 2307 and not RFC 2307bis. The salient difference is that RFC 2307 mandates that group members are added to the group's memberGID attribute as text strings, while 2307bis has group members added as LDAP objects to the member attribute. It seems that at least by Windows 2003 R2 Microsoft set up AD's Unix schema for 2307bis and not 2307.

As near as I can tell, the Solaris nss_ldap client doesn't support 2307bis, so I've been meaning to write a script to sync member to memberGID on the AD side. If there's a client-side fix, that would be preferable, though.

--
-- Skylar Thompson ([email protected])
-- http://www.cs.earlham.edu/~skylar/
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
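
Added example, not part of the original message or the list thread: a sketch of the server-side sync the message above describes, turning the DN-valued member attribute into a flat list of login names and emitting the change as LDIF. It assumes each user entry carries its login name in uid and takes the target attribute as a parameter (the RFC 2307 posixGroup attribute is memberUid); the function names, DNs and entries are hypothetical, constructed sample data.

```python
# Added example: derive a flat RFC 2307 member list from RFC 2307bis member DNs.
# Entries are plain dicts (attribute -> list of values), as an LDAP search returns.

# Constructed sample data, not from a real directory. Keys are lowercased DNs.
USERS = {
    "cn=alice,ou=people,dc=example,dc=com": {"uid": ["alice"]},
    "cn=bob,ou=people,dc=example,dc=com": {"uid": ["bob"]},
}
GROUP = {
    "dn": "CN=staff,OU=Groups,DC=example,DC=com",
    "member": [
        "CN=Alice,OU=People,DC=example,DC=com",
        "CN=Bob,OU=People,DC=example,DC=com",
        "CN=admins,OU=Groups,DC=example,DC=com",  # nested group, has no uid
    ],
    "memberUid": ["alice", "carol"],  # stale: carol is no longer in 'member'
}


def flat_members(group, users_by_dn):
    """Return the sorted login names for the DNs in the group's 'member' values."""
    uids = set()
    for dn in group.get("member", []):
        # Simplified DN matching: case-insensitive string comparison only.
        user = users_by_dn.get(dn.lower())
        if user and user.get("uid"):  # skip nested groups and non-POSIX objects
            uids.add(user["uid"][0])
    return sorted(uids)


def sync_ldif(group, users_by_dn, attr="memberUid"):
    """Build an LDIF modify record making `attr` match 'member'; "" if in sync."""
    want = flat_members(group, users_by_dn)
    have = sorted(group.get(attr, []))
    if want == have:
        return ""
    lines = ["dn: " + group["dn"], "changetype: modify"]
    if want:
        # 'replace' rather than 'add': users dropped from 'member' must also
        # drop out of the flat list, or they keep their group access.
        lines += ["replace: " + attr] + [attr + ": " + u for u in want]
    else:
        lines += ["delete: " + attr]
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(sync_ldif(GROUP, USERS), end="")
```

The output is meant to be reviewed and then applied with an LDIF-capable tool; uid values are assumed to be plain ASCII, so no base64 encoding of values is done.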
