Netgroup using LDAP in FreeBSD 11.1

zjlinickey ss713048 at gmail.com
Wed Feb 7 06:18:48 UTC 2018


Hi

We are trying to use netgroup, and the backend is LDAP.
We use nss-pam-ldapd; it contains nss_ldap, pam_ldap and nslcd.
passwd and group have been implemented in nslcd, and work OK.
But it looks like nslcd does not implement the function
__nss_compat_getnetgrent_r in FreeBSD.
There is only __nss_compat_getgrent_r in libc.

I found the patch,
https://people.freebsd.org/~markj/patches/nss_ldap_netgroup.patch, but it looks
like it didn't patch to libc.
We referenced the patch and tried to implement the function
__nss_compat_getnetgrent_r;
getent netgroup <netgroup_name> looks OK.
But when a netgroup's entry contains another group, it will be wrong.
e.g.
all-users teamA teamB
teamA (,Bob,) (,Alice,)
teamB (,Eric,) (,Andy,)

Help will be greatly appreciated, as this could impact other ways our system
still needs netgroup...

My nsswitch.conf is:
group: files ldap
hosts: files dns
networks: files ldap
netgroup: ldap
passwd: files ldap
shells: files
services: compat
services_compat: files
protocols: files
rpc: files

LDAP schema is:
dn: cn=testNetgroup,ou=Netgroup,dc=mydomain,dc=com
objectClass: nisNetgroup
objectClass: top
cn: testNetgroup
nisNetgroupTriple: (,aaa,)
nisNetgroupTriple: (,bbb,)
nisNetgroupTriple: (,ccc,)

Thank you! 

Z. J. Lin




--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
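
The nested-netgroup case described in the message above, as an added example that is not part of the original post, the referenced patch, or FreeBSD libc: a depth-first expansion that follows group references, guards against reference loops, and matches the user field of each triple. It assumes nested groups are stored as memberNisNetgroup values (the RFC 2307 nisNetgroup attribute); the in-memory directory, the "ops" group, and the function names expand and user_in_netgroup are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAXN 32
/* Constructed directory: cn, memberNisNetgroup values, nisNetgroupTriple values. */
struct netgroup { const char *cn, *members[4], *triples[4]; };
static const struct netgroup DIR[] = {
    {"all-users", {"teamA", "teamB"}, {NULL}},
    {"teamA", {NULL}, {"(,Bob,)", "(,Alice,)"}},
    {"teamB", {NULL}, {"(,Eric,)", "(,Andy,)"}},
    {"ops", {"teamB", "ops"}, {"(,Dana,)"}},   /* constructed self-reference */
};
struct result { const char *triples[MAXN], *seen[MAXN]; int n, nseen; };

/* Depth-first expansion. Returns 0, or -1 if the result buffers are full. */
static int expand(const char *cn, struct result *r) {
    const struct netgroup *g = NULL;
    for (size_t i = 0; i < sizeof DIR / sizeof DIR[0]; i++)
        if (strcmp(DIR[i].cn, cn) == 0) g = &DIR[i];
    if (g == NULL) return 0;                       /* dangling reference: skip */
    for (int i = 0; i < r->nseen; i++)
        if (strcmp(r->seen[i], g->cn) == 0) return 0; /* visited: breaks loops */
    if (r->nseen == MAXN) return -1;
    r->seen[r->nseen++] = g->cn;
    for (int i = 0; i < 4 && g->triples[i]; i++) {
        if (r->n == MAXN) return -1;
        r->triples[r->n++] = g->triples[i];
    }
    for (int i = 0; i < 4 && g->members[i]; i++)
        if (expand(g->members[i], r) != 0) return -1;
    return 0;
}

/* 1 if user matches a triple reachable from cn, 0 if not, -1 on overflow
 * (treat as deny). An empty user field in a triple matches any user. */
static int user_in_netgroup(const char *cn, const char *user) {
    struct result r = {{NULL}, {NULL}, 0, 0};
    if (expand(cn, &r) != 0) return -1;
    for (int i = 0; i < r.n; i++) {
        const char *a = strchr(r.triples[i], ',');
        const char *b = a ? strchr(a + 1, ',') : NULL;
        if (!b) continue;                          /* malformed triple */
        size_t len = (size_t)(b - a - 1);
        if (len == 0 || (len == strlen(user) && !strncmp(a + 1, user, len))) return 1;
    }
    return 0;
}

int main(void) {
    printf("Eric in all-users: %d\n", user_in_netgroup("all-users", "Eric"));
    return 0;
}
```

Because netgroups commonly gate logins and NFS exports, a lookup that drops nested members denies legitimate users, and one that does not track visited groups can recurse without end on a self-referencing entry.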

