NIS Groups

Goal

We want to map the following entry from /etc/group (fields: group name, password placeholder, GID, comma-separated members):

secretagent:x:506:jbond,atrevalyan

into the following LDAP entry in Penrose:

dn: cn=secretagent,ou=Groups,dc=NIS,dc=Example,dc=com
memberUid: jbond
memberUid: atrevalyan
gidNumber: 506
objectClass: person
objectClass: posixGroup
cn: secretagent

Solution

First we create the source:

<!-- Source "groups": declares the group records read through the connection named "NIS". -->
<source name="groups">

    <connection-name>NIS</connection-name>

    <!-- Fields exposed by this source; cn is the primary key. -->
    <field name="cn" primaryKey="true"/>
    <field name="gidNumber"/>
    <!-- NOTE(review): userPassword presumably carries the group password field ("x" in the
         sample line). The mapping on this page does not publish it. If it is ever mapped,
         restrict read access to it, because that field can hold a password hash. -->
    <field name="userPassword"/>
    <field name="memberUid"/>
    <field name="description"/>

    <!-- Object class reported for records from this source. -->
    <parameter>
      <param-name>objectClasses</param-name>
      <param-value>posixGroup</param-value>
    </parameter>
    <!-- Presumably selects the NIS map to read (group.byname); confirm against the
         NIS adapter documentation. -->
    <parameter>
      <param-name>base</param-name>
      <param-value>system/group.byname</param-value>
    </parameter>
    <!-- Search scope; ONELEVEL presumably limits the search to direct children of base. -->
    <parameter>
      <param-name>scope</param-name>
      <param-value>ONELEVEL</param-value>
    </parameter>

</source>

Then we create the mapping:

<!-- Mapping for group entries under ou=Groups. The "..." in the DN presumably stands for
     the RDN value, supplied by the attribute marked rdn="true" below. -->
<entry dn="cn=...,ou=Groups,dc=NIS,dc=Example,dc=com">

    <!-- NOTE(review): in the standard schemas person is a structural class that requires sn,
         and posixGroup is structural in RFC 2307. Confirm this pair is accepted by clients
         that check schema, or drop person if it is not needed. -->
    <oc>posixGroup</oc>
    <oc>person</oc>

    <!-- Published attributes. Each value comes from the source alias "g" declared below. -->
    <at name="cn" rdn="true">
      <variable>g.cn</variable>
    </at>
    <at name="gidNumber">
      <variable>g.gidNumber</variable>
    </at>
    <at name="memberUid">
      <variable>g.memberUid</variable>
    </at>

    <!-- Alias "g" binds this entry to the "groups" source. Only cn, gidNumber and memberUid
         are bound, so the userPassword and description fields of that source are not
         published in this entry. Keep userPassword unmapped unless read access to the
         entry is restricted. -->
    <source name="g">
      <source-name>groups</source-name>
      <field name="cn" primaryKey="true">
        <variable>cn</variable>
      </field>
      <field name="gidNumber">
        <variable>gidNumber</variable>
      </field>
      <field name="memberUid">
        <variable>memberUid</variable>
      </field>
    </source>

</entry>