Re: uniquemember attribute issue

by jmcclintock

Hi Dan, I was wondering if you know the answer to this:

I've worked in Windows AD environments where I've implemented libnss-ldap on the Linux side and MSSFU 3.5 on the Windows side.

At one point, when you would use ADUC to modify a group's membership (via the Unix Attributes tab) and add a user (who already had their Unix stuff enabled via the same tab for the user), the group would add the attribute 'memberUid' with a value of the person you added.

I downloaded a copy of Windows Server 2003 (demo version from Microsoft, 6 month trial), installed MSSFU 3.5, and when I did the steps mentioned above, it worked the same way (a new memberUID attribute was added to the group with the value being the person added).

So to save money, I bought a copy of Windows 2003 Small Business Server.  Installed it, put on MSSFU 3.5, and when I went to add users to my new unix group, memberuid was no longer used; instead it uses msSFU30PosixMember and puts the full CN of the user in there.

So I thought Small Business Server just did it differently than the Standard version.  So I just ordered a copy of Windows 2003 Server R2 SP2 Standard.  I got it, installed, installed just the NIS server from MSSFU35 to get the extra tab in ADUC and to my disappointment, it did the same thing as Small Business Server by not using memberUID.

Is it possible to use msSFU30PosixMember?  If so, can you send me an example of your ldap.conf/libnss-ldap.conf with the proper mappings to make it work?


Dan Am-3 wrote:
Hi Guy,
you need to use "msSFU30posixmember" instead of "memberuid". This does get
populated. In this case your nss_ldap needs to be compiled with rfc2307bis
support.
Best
Dan

PS: If you plan to migrate to R2 in the not too distant future, watch out,
there are migration issues.

2008/3/10, Defryn, Guy <G.P.Defryn@massey.ac.nz>:
>
> Hi,
>
> first time poster here and new to everything nssldap.
>
> The ldap.conf file on our RHEL boxes has the following entry
>
> nss_map_objectclass    posixAccount  User
> nss_map_attribute      uid           msSFUName
> nss_map_attribute      userPassword  msSFUPassword
> nss_map_attribute      homeDirectory msSFUHomeDirectory
>
> nss_map_objectclass    posixGroup    Group
> nss_map_attribute      cn            msSFUName
> nss_map_attribute      uniqueMember  memberUid
>
> In our setup the memberUid in Active Directory is not being populated
> anymore.
>
> Everything is pretty much being automated. When a new user is created in a
> group in the nss_base_group object he will not appear when issuing "getent
> group groupname"
>
> Obviously this is to be expected as the memberUid field is not populated.
>
> An LDAP query shows that the user is specified in the Member object.
>
> When I change uniqueMember attribute to Member the new user is revealed
> when issuing "getent group groupname"
>
> However, the few users in the group who still have their memberUid set
> (the way it used to be done) appear twice.
>
> Why is that and how can I get unique results from just the member object?
>
> Hope it all makes sense
>
> Cheers
>
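
The duplicate entries described in the quoted message can be checked for offline. The following is an added example, not part of the original thread and not nss_ldap code: it assumes membership is gathered from both memberUid and a DN-valued attribute, as the getent output in the message suggests, and reports names listed twice or present only as a leftover memberUid. The LDIF, DNs and function names are constructed for illustration.

```python
# Constructed sample data (not from the thread): a group carrying legacy
# memberUid values next to DN-valued member values, plus two user entries.
GROUP_DN = "CN=unixadmins,OU=Groups,DC=example,DC=com"
SAMPLE_LDIF = """\
dn: CN=unixadmins,OU=Groups,DC=example,DC=com
msSFUName: unixadmins
memberUid: alice
memberUid: carol
member: CN=Alice Smith,OU=People,DC=example,DC=com
member: CN=Bob Jones,OU=People,DC=example,DC=com

dn: CN=Alice Smith,OU=People,DC=example,DC=com
msSFUName: alice

dn: CN=Bob Jones,OU=People,DC=example,DC=com
msSFUName: bob
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def report(entries, group_dn, dn_attr="member", uid_attr="msSFUName"):
    """Compare login names taken from memberUid with those resolved from DNs."""
    group = entries[group_dn.lower()]
    by_uid = group.get("memberuid", [])
    by_dn = []
    for dn in group.get(dn_attr.lower(), []):
        user = entries.get(dn.lower(), {})           # unresolved DNs are skipped
        by_dn.extend(user.get(uid_attr.lower(), [])[:1])
    naive = by_uid + by_dn                           # assumed model: both sources merged
    return {
        "naive": naive,
        "unique": list(dict.fromkeys(naive)),        # order-preserving de-duplication
        "listed_twice": sorted(set(by_uid) & set(by_dn)),
        "memberuid_only": sorted(set(by_uid) - set(by_dn)),
    }

if __name__ == "__main__":
    for key, value in report(parse_ldif(SAMPLE_LDIF), GROUP_DN).items():
        print(f"{key}: {value}")
```

Names under `memberuid_only` are worth reviewing, since they are members on the Unix side that the DN-valued attribute no longer lists.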