On 12/10/2012 01:29 PM, Deas, Jim wrote:
> I am about to upgrade our systems to the current version. One of my
> difficulties in the old version was the lack of nested groups.
> Is there a way with the current software to create nested groups in
> OpenLDAP that will be seen properly by the Linux PAM module and Mac OSX?

Linux systems with the 'sss' stack (sssd) rather than PADL's nss_ldap
and pam_ldap support nested groups if you're using RFC2307bis. In that
case, you should be storing "member" attributes rather than
"memberuid".
https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/chap...
OS X appears to do its own thing, and expects an apple-group-nestedgroup
attribute.
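
An added illustration, not part of the original message and not sssd's code: with RFC2307bis a group's "member" values are DNs, and a DN may name another group, so the users who effectively hold a group's access are found by walking those DNs. The directory entries, DNs and the max_depth parameter below are constructed for the example.

```python
from collections import deque

BASE = "dc=example,dc=com"  # constructed suffix
ALICE = f"uid=alice,ou=people,{BASE}"
BOB = f"uid=bob,ou=people,{BASE}"
CAROL = f"uid=carol,ou=people,{BASE}"
DBA = f"cn=dba,ou=groups,{BASE}"
OPS = f"cn=ops,ou=groups,{BASE}"
ADMINS = f"cn=admins,ou=groups,{BASE}"

# Constructed sample directory: groups carry "member" DNs (RFC2307bis style)
# instead of flat "memberUid" names. admins -> ops -> dba, plus a self-loop.
ENTRIES = {
    ALICE: {"uid": ["alice"]},
    BOB: {"uid": ["bob"]},
    CAROL: {"uid": ["carol"]},
    DBA: {"cn": ["dba"], "member": [ALICE]},
    OPS: {"cn": ["ops"], "member": [BOB, DBA]},
    ADMINS: {"cn": ["admins"], "member": [OPS, CAROL, ADMINS]},
}


def effective_users(group_dn, entries, max_depth=2):
    """Return the uids reachable from group_dn through nested "member" DNs.

    max_depth is how many levels of nested groups are followed below the
    starting group; the seen set stops membership loops from recursing.
    """
    index = {dn.lower(): e for dn, e in entries.items()}  # DNs compare case-insensitively
    start = group_dn.lower()
    users, seen = set(), {start}
    queue = deque([(start, 0)])
    while queue:
        dn, depth = queue.popleft()
        for member in index.get(dn, {}).get("member", []):
            key = member.lower()
            entry = index.get(key)
            if entry is None:
                continue  # dangling DN: the member entry no longer exists
            if "member" in entry:  # the member is itself a group
                if depth < max_depth and key not in seen:
                    seen.add(key)
                    queue.append((key, depth + 1))
            else:
                users.update(entry.get("uid", []))
    return users


if __name__ == "__main__":
    for level in (0, 1, 2):
        print(level, sorted(effective_users(ADMINS, ENTRIES, max_depth=level)))
```

Running it shows the effective membership of the admins group growing as more nesting levels are followed, which is the list to review before tying access to a nested group.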