Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 57123 - netgroups not supported
netgroups not supported
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2001-12-05 07:02 EST by Marc Schmitt
Modified: 2007-04-18 12:38 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-18 13:03:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marc Schmitt 2001-12-05 07:02:35 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2)
Gecko/20010726 Netscape6/6.1

Description of problem:
At the bottom of /usr/share/doc/nss_ldap-149/nsswitch.ldap, it says "# No
one has written the LDAP support for netgroups yet, so we'll have to stick
with NIS."

My questions is, are there plans to implement support for netgroups over
LDAP in the near future or will NIS be the only way to go for quite some time?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. no feature

Additional info:

We are using LDAP in an educational environment with about 1600 student
accounts. The LDAP serves Sun and Linux clients. Under SunOS, netgroups
over LDAP are supported (although we have some problems with it...). The
LDAP server natively integrated in Solaris 8 allows to provide LDAP entries
as NIS maps. We don`t have it configured yet, that`s why I`d like to know
about the future of netgroups and nss under Linux. If this will be realized
soon, I wouldn`t have to temporary configure the Sun/LDAP/NIS solution.

Thanks in advance for your answer.

Comment 1 Petter Reinholdtsen 2002-11-16 12:04:29 EST
There are two patches available for nss_ldap to add support
for netgroups.  Both have been rejected because they only work on
Linux.  The patches are available from <URL:http://www.netsys.com/nssldap/2001/03/msg00042.html> and 
Comment 2 Petter Reinholdtsen 2002-12-09 06:58:39 EST
We at the University of Oslo would like to change our site from using NIS
into using LDAP.  But we need netgroup support.  Our installation is 52.000
users and 10.000 computers.  Please give this problem some priority.
Comment 3 Petter Reinholdtsen 2003-01-19 08:05:28 EST
The upstream sources for 203.2 contains the following changelog:

  204     Luke Howard <lukeh@padl.com>

          * Linux netgroup implementation from Larry Lile
          * Multiple service search descriptor support from

Time to test the new version?
Comment 4 Petter Reinholdtsen 2003-06-27 03:32:06 EDT
I've now tested version 207 of libnss-ldap, and netgroups work just
fine.  Please include upgrade the version used in RedHat to a
version with netgroup support.
Comment 5 Albert Fluegel 2003-08-13 11:03:55 EDT
Here's how to make an RPM with netgroup support (tested !)
suitable for RedHat-9:

Install SRPM from RedHat-9 nss_ldap-202-5.src.rpm

Put the replacement for the file
into the same directory as nss_ldap-207.tar.gz .
The file can be obtained from padl:

In the spec file /usr/src/redhat/SPECS/nss_ldap.spec
replace Version: 202 by Version: 207

replace the entire contents of
/usr/src/redhat/SOURCES/nss_ldap-197-db.patch with:

- snip -
We have to make sure we're getting the version of db185.h we want, i.e.,
the one that matches the library we'll be linking against, so force it.
--- nss_ldap-207/util.c.org     2003-08-13 11:47:03.000000000 +0200
+++ nss_ldap-207/util.c 2003-08-13 11:51:31.000000000 +0200
@@ -92,18 +92,9 @@
  * right API!
 #if defined(RFC2307BIS) || defined(AT_OC_MAP)
-#ifdef HAVE_DB3_DB_185_H
-#include <db3/db_185.h>
-#define DN2UID_CACHE
-#elif defined(HAVE_DB_185_H)
+#if defined(HAVE_DB_185_H)
 #include <db_185.h>
 #define DN2UID_CACHE
-#elif defined(HAVE_DB1_DB_H)
-#include <db1/db.h>
-#define DN2UID_CACHE
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#define DN2UID_CACHE
 #endif /* HAVE_DB3_DB_H */
 #ifdef DN2UID_CACHE
- snip -

run rpmbuild -bb /usr/src/redhat/SPECS/nss_ldap.spec

The created RPMs can be installed using rpm -U ... as usual.

It is unclear, if that works also with older RedHat Releases
but i assume problems with pre - 2 versions
But for RedHat-9 there are no excuses ;-)
Comment 6 Larry Lile 2003-08-22 18:37:36 EDT
Hello, I am the author the the netgroup support for nss_ldap.  The netgroup
support was accepted into the main branch of nss_ldap in release 204.  The
current version of nss_ldap is 210 (at last check).  I have provided SRPMs
to you (nalin) on more than one occasion.  When can we expect to see netgroup
support integrated into RedHat products.  I just checked the AW beta and it
still has not been integrated.  My personal e-mail to you on this issue
has gone unanswered since 8/13 and I provided you the patch set originally
on 1/31/2003.

I am opening a new bugreport on this against RedHat 9 and AW3.
Comment 7 Petter Reinholdtsen 2003-10-22 15:00:58 EDT
Version 207 is claimed to be in RawHide.  I hope that mean the new version
will make into the next release.  Then all we need to do is wait for
bug #103568 to be fixed as well before PAM and NSS over LDAP is completely
usable in RedHat. :)
Comment 8 Petter Reinholdtsen 2004-04-14 11:25:15 EDT
Version 207 of libnss-ldap is in RedHat Enterprise Linux 3.
This bug is fixed, but I am unable to close it.
Comment 9 Petter Reinholdtsen 2004-09-09 11:01:17 EDT
Why is bug report still open?  The problem is solved.
Comment 10 Bill Nottingham 2006-08-07 15:44:28 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 11 Bill Nottingham 2006-10-18 13:03:41 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.