Comment 4 for bug 297408

Edward Murrell (edward-murrell) wrote : Re: pam_group does support NSS groups

The patch itself doesn't support LDAP directly, but through the NSS library, so the query will be determined by the configuration of the libnss-ldap or libnss-ldapd packages.

So, to answer your query, it only supports POSIX/unix groups that it is a member of. In most circumstances this will be where memberUid includes the username in question.

The primary group is a good point; I may have to update the patch to include that. (Coffee is needed first.)

Allowing automatic addition to local groups based on groupOfNames would not necessarily be a bad thing, though that functionality would belong in libnss-ldap[d] or libpam-ldap.