[OmniOS-discuss] LDAP and Active Directory via rfc2307

Paul B. Henson henson at acm.org
Fri Apr 22 22:34:53 UTC 2016

On Fri, Apr 22, 2016 at 03:02:20PM -0700, Michael Talbott wrote:
> I can. But the problem lies with how the unix group membership expects
> usernames to be presented. It is grabbing the DN by for the username
> and it appears it can not be set to any other attribute (or at least I
> can't find a way to do so).

As the guy who added rfc2307bis group support to the illumos ldap naming
services integration code (previously it only supported rfc2307), I can
say fairly authoritatively there's no way to do so :). Sorry.

This is the same behavior as nss_ldap and sssd under linux, I'm not
aware of any rfc2307bis implementation that allows you to specify an
alternate attribute rather than using the RDN as the member name. I
suppose it would be possible, but would certainly increase the
complexity as for each member you'd need to look up their entry to find
that alternate attribute to do the substitution. Hopefully you'll be
able to restructure your AD to use usernames as RDN's...

More information about the OmniOS-discuss mailing list