[Fedora-directory-users] What groups FDS the user belongs?

[Сафонов Алексей]

Thanks for your answer, Patrick!

The Problem that I cannot change algorithm of search. I try to use pGina with module LDAP Auth at the enterprise. In LDAP Auth plugin there are the parameters, allowing to rank the user as the certain group on a workstation. For this purpose parameters userOK0-255 and adminOK0-255 are used. And they demand presence of property groupMembership in the scheme of the user.
The citation from the documentation to LDAP Auth plugin:
"If you do searching, uid (indicating a unique, alphanumeric username,
not a Unix number) is required unless you change the filter. For the
binds, it literally attempts a bind with username,
so bracket the username with whatever you call these attributes.
For userOK and adminOK, the user class must support the attribute
groupMembership as the user will be queried, not the group. If your
users have full control over their own attributes, this is not secure.
If your directory does not implement this, and instead requires
querying the group, support for that is not yet written (and may never
be as it is somewhat silly)."

groupMembership (I have in view of the name) it is possible to replace property with another.

Safonov A.

>In that case you're probably looking at two lookups: one to get the dn
of the user, and a second to check for groups that have the dn as a
uniqueMember.