Broken LDAP? No group nesting possible

[rmleonard]

okay- this is getting weird – HELP!!!

my server – OSX 10.4.7 (this one started at 10.2.something)

it is an OD master

using the WGM tool – I cannot upgrade the “legacy” groups to new groups, Nor can I nest groups into one another, even on a newly created group.

the reasons seem to be that the Groups “record” doesn’t contain both/either “GroupMembers” or “NestedGroups”.

I noticed that in the slapd.conf the line
include /etc/openldap/schema/fmserver.schema
isn’t there (it is there on my other servers running as OD masters)

short of blowing up the LDAP and starting over – I’m not sure where to look next.

“dseditgroup -f n groupname” got me nowhere
playing with it to more fully qualify things got me nowhere either
dseditgroup -n /LDAPv3/servername.edu -v -o edit -f n groupname

if i export the db using “slapcat -l” and make a backup of the password tables via “mkpassdb -backupdb” would blowing up the directory master and reimporting from those backups fix things – or would I end up reimporting my problems?

Rich Leonard

[Author]

Posts