RHEL5 RedHat/Fedora Linux Using netgroups with LDAP (nss_ldap)

By thomas, 25 January, 2008
There is an excellent tutorial on using LDAP for netgroup enumeration. Most of the changes are obvious, but one thing may trip you up. First, add a netgroup to your directory:

    # example, netgroup, narrabilis.com
    dn: cn=example,ou=netgroup,dc=narrabilis,dc=com
    description: Narrabilis Workstations
    nisNetgroupTriple: (nash,,)
    nisNetgroupTriple: (dreamhost,,)
    nisNetgroupTriple: (ramblings,,)
    cn: example
    objectClass: top
    objectClass: nisnetgroup

Next, add ldap to the netgroup line of nsswitch.conf:

    netgroup: files ldap

Now, for optimization, you should add nss_base_netgroup to your ldap.conf (optional):

    nss_base_netgroup ou=netgroup,dc=narrabilis,dc=com

OK, you've done all that, so it should work just fine, right? But it doesn't. :-(
The quirky thing is that you must set a NISDOMAIN in /etc/sysconfig/network:

    NISDOMAIN=huh

It doesn't matter what you set it to either, but it must be set. Very lame. But it should work now, go figure.
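
The three settings above can be checked in one pass before debugging further. The script below is an added example, not part of the original post; its function names are hypothetical, and the config file paths are passed as arguments rather than assumed.

```shell
#!/bin/sh
# Added example: preflight checks for LDAP-backed netgroups with nss_ldap.
# Function names are hypothetical; file paths are passed in as arguments.

# Succeeds if the "netgroup:" line of nsswitch.conf lists ldap as a source.
nsswitch_has_ldap() {
    awk '{ sub(/#.*/, "") }                      # drop comments first
         $1 == "netgroup:" { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Prints the NISDOMAIN value from the sysconfig network file; fails if unset or empty.
nisdomain_value() {
    val=$(sed -n 's/^[[:space:]]*NISDOMAIN=//p' "$1" | tail -n 1 | tr -d "\"'")
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Prints the nss_base_netgroup search base from ldap.conf; fails if absent.
netgroup_base() {
    awk '$1 == "nss_base_netgroup" { print $2; found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Runs all checks; returns non-zero only if a required setting is missing.
check_netgroup_ldap() {
    nsswitch=$1 network=$2 ldapconf=$3 rc=0
    if nsswitch_has_ldap "$nsswitch"; then
        echo "ok: netgroup line in $nsswitch includes ldap"
    else
        echo "FAIL: add ldap to the netgroup line in $nsswitch"; rc=1
    fi
    if dom=$(nisdomain_value "$network"); then
        echo "ok: NISDOMAIN=$dom"
    else
        echo "FAIL: NISDOMAIN is not set in $network"; rc=1
    fi
    if base=$(netgroup_base "$ldapconf"); then
        echo "ok: nss_base_netgroup $base"
    else
        echo "note: nss_base_netgroup not set in $ldapconf (optional)"
    fi
    return $rc
}

# Usage: sh script.sh <nsswitch.conf> <sysconfig/network> <ldap.conf>
if [ "$#" -eq 3 ]; then check_netgroup_ldap "$@"; fi
```

Once all three checks pass, `getent netgroup example` should return the triples stored in the directory entry.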