From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Description of problem: At the bottom of /usr/share/doc/nss_ldap-149/nsswitch.ldap, it says "# No one has written the LDAP support for netgroups yet, so we'll have to stick with NIS." My question is, are there plans to implement support for netgroups over LDAP in the near future or will NIS be the only way to go for quite some time?
Version-Release number of selected component (if applicable):
How reproducible: Always
Steps to Reproduce: 1. no feature
Additional info: We are using LDAP in an educational environment with about 1600 student accounts. The LDAP serves Sun and Linux clients. Under SunOS, netgroups over LDAP are supported (although we have some problems with it...). The LDAP server natively integrated in Solaris 8 allows providing LDAP entries as NIS maps. We don't have it configured yet, that's why I'd like to know about the future of netgroups and nss under Linux. If this will be realized soon, I wouldn't have to temporarily configure the Sun/LDAP/NIS solution. Thanks in advance for your answer. Regards, Marc
There are two patches available for nss_ldap to add support for netgroups. Both have been rejected because they only work on Linux. The patches are available from <URL:http://www.netsys.com/nssldap/2001/03/msg00042.html> and <URL:http://www.ifi.uio.no/~kjetilho/hacks/ldap-netgrp.patch>.
We at the University of Oslo would like to change our site from using NIS into using LDAP. But we need netgroup support. Our installation is 52.000 users and 10.000 computers. Please give this problem some priority.
The upstream sources for 203.2 contain the following changelog:
204 Luke Howard <lukeh>
* Linux netgroup implementation from Larry Lile
* Multiple service search descriptor support from Symas
Time to test the new version?
I've now tested version 207 of libnss-ldap, and netgroups work just fine. Please upgrade the version used in RedHat to a version with netgroup support.
Here's how to make an RPM with netgroup support (tested !) suitable for RedHat-9: 1) Install SRPM from RedHat-9 nss_ldap-202-5.src.rpm 2) Put the replacement for the file /usr/src/redhat/SOURCES/nss_ldap-202.tar.gz into the same directory as nss_ldap-207.tar.gz . The file can be obtained from padl: ftp://ftp.padl.com/pub/nss_ldap.tgz 3) In the spec file /usr/src/redhat/SPECS/nss_ldap.spec replace Version: 202 by Version: 207 4.) replace the entire contents of /usr/src/redhat/SOURCES/nss_ldap-197-db.patch with: - snip - We have to make sure we're getting the version of db185.h we want, i.e., the one that matches the library we'll be linking against, so force it. --- nss_ldap-207/util.c.org 2003-08-13 11:47:03.000000000 +0200 +++ nss_ldap-207/util.c 2003-08-13 11:51:31.000000000 +0200 @@ -92,18 +92,9 @@ * right API! */ #if defined(RFC2307BIS) || defined(AT_OC_MAP) -#ifdef HAVE_DB3_DB_185_H -#include <db3/db_185.h> -#define DN2UID_CACHE -#elif defined(HAVE_DB_185_H) +#if defined(HAVE_DB_185_H) #include <db_185.h> #define DN2UID_CACHE -#elif defined(HAVE_DB1_DB_H) -#include <db1/db.h> -#define DN2UID_CACHE -#elif defined(HAVE_DB_H) -#include <db.h> -#define DN2UID_CACHE #endif /* HAVE_DB3_DB_H */ #ifdef DN2UID_CACHE - snip - 5) run rpmbuild -bb /usr/src/redhat/SPECS/nss_ldap.spec The created RPMs can be installed using rpm -U ... as usual. It is unclear, if that works also with older RedHat Releases but i assume problems with pre - 2 versions But for RedHat-9 there are no excuses ;-)
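Review bot: In the util.c hunk at @@ -92,18 +92,9 @@, DN2UID_CACHE is now defined only when HAVE_DB_185_H is set, so with the db3/db_185.h, db1/db.h and db.h branches removed, a build where configure does not find db_185.h silently compiles without the DN-to-UID cache instead of failing. The patch description says the header should be forced; if that is the intent, add an #else branch with an #error (or make the configure check mandatory) so a missing header is caught at build time. The context line "#endif /* HAVE_DB3_DB_H */" also no longer names the condition it closes and should read HAVE_DB_185_H. Finally, the replacement still lives in a file named nss_ldap-197-db.patch while its paths refer to nss_ldap-207; renaming the patch and its spec entry would avoid confusion about which release it targets.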
Hello, I am the author of the netgroup support for nss_ldap. The netgroup support was accepted into the main branch of nss_ldap in release 204. The current version of nss_ldap is 210 (at last check). I have provided SRPMs to you (nalin) on more than one occasion. When can we expect to see netgroup support integrated into RedHat products? I just checked the AW beta and it still has not been integrated. My personal e-mail to you on this issue has gone unanswered since 8/13 and I provided you the patch set originally on 1/31/2003. I am opening a new bug report on this against RedHat 9 and AW3.
Version 207 is claimed to be in RawHide. I hope that means the new version will make it into the next release. Then all we need to do is wait for bug #103568 to be fixed as well before PAM and NSS over LDAP is completely usable in RedHat. :)
Version 207 of libnss-ldap is in RedHat Enterprise Linux 3. This bug is fixed, but I am unable to close it.
Why is this bug report still open? The problem is solved.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.