Netgroup Setup

Netgroup support in nis_ldap requires additional configuration. To enable it, the module definition for LDAP in the /usr/lib/security/methods.cfg file must include an options attribute with a netgroup value. For example, the following configuration enables netgroup support for LDAP:
LDAP:
     program = /usr/lib/security/LDAP
     program_64 = /usr/lib/security/LDAP64
     options = netgroup
Enabling netgroup support will also activate the following behaviors:
  • Users defined in the /etc/security/user file as members of the LDAP registry (in other words, having registry=LDAP and SYSTEM="LDAP") will not be able to authenticate as LDAP users. These users will now become nis_ldap users and will require native NIS netgroup membership. To fully enable nis_ldap netgroup users, corresponding entries in the /etc/security/user file must have the registry and SYSTEM values removed or set to compat.
  • Only nis_ldap users will show compat as their registry. Other users will show their absolute registry value.
  • The meaning of registry compat will be expanded to include modules supporting netgroup. For example, if the LDAP module is netgroup-enabled, compat will include the following registries: files, NIS, and LDAP.
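
The audit script below is an added example, not part of the original documentation. It checks whether the LDAP stanza of a methods.cfg-style file has netgroup in its options, then lists the stanzas of an /etc/security/user-style file that still set registry = LDAP or SYSTEM = "LDAP" and so need those values removed or set to compat. The function names and sample file contents are constructed for illustration, and treating options as a comma-separated list is an assumption.

```shell
#!/bin/sh
# Added example: audit stanza files for the netgroup behaviour described above.

# Flatten a stanza file into "stanza<TAB>attribute<TAB>value" records.
stanza_records() {
    awk '
        /^[ \t]*$/ || /^[ \t]*\*/ { next }            # blank or comment line
        /^[^ \t].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); stanza = $0; next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$|"/, "", val)        # trim, drop quotes
            print stanza "\t" key "\t" val
        }' "$1"
}

# Exit 0 when the LDAP stanza's options attribute includes "netgroup".
netgroup_enabled() {
    stanza_records "$1" | awk -F '\t' '
        $1 == "LDAP" && $2 == "options" {
            n = split($3, opt, /[ \t]*,[ \t]*/)       # assumed comma-separated
            for (i = 1; i <= n; i++) if (opt[i] == "netgroup") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# List stanzas that still set registry = LDAP or SYSTEM = "LDAP"
# (exact match only; compound SYSTEM grammars are not evaluated).
ldap_pinned_users() {
    stanza_records "$1" | awk -F '\t' '
        ($2 == "registry" || $2 == "SYSTEM") && $3 == "LDAP" && !seen[$1]++ { print $1 }'
}

# Constructed sample files (assumed contents, not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'LDAP:\n\tprogram = /usr/lib/security/LDAP\n\tprogram_64 =/usr/lib/security/LDAP64\n\toptions = netgroup\n' > "$tmp/methods.cfg"
printf 'default:\n\tSYSTEM = "compat"\n\nalice:\n\tregistry = LDAP\n\tSYSTEM = "LDAP"\n\nbob:\n\tregistry = compat\n\tSYSTEM = "compat"\n' > "$tmp/user"

if netgroup_enabled "$tmp/methods.cfg"; then
    echo "netgroup enabled; stanzas to clear or set to compat:"
    ldap_pinned_users "$tmp/user"
fi
```

On a live system the two functions would be pointed at /usr/lib/security/methods.cfg and /etc/security/user instead of the sample files.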