I have posed this to VAS product management (Eyes, Wilson) but interested to see other interest in supporting netgroups from native AD groups, i.e. a netgroup triple exposed from NSS but data held in native AD groups rather than rfc2307 netgroup objects.
Any potential gotchas with this solution (apart from fact that AD becomes one "NIS" domain and a flat name space for netgroups)? Do any platforms not support netgroups through NSS for anything other than NIS? I am not talking of using NIS ypdaemon but equivalent of nss_ldap.
Since netgroups are the UNIX equivalent of AD distribution groups and do not impact gid security group limits this appears to be an interesting option.
Any potential gotchas with this solution (apart from fact that AD becomes one "NIS" domain and a flat name space for netgroups)? Do any platforms not support netgroups through NSS for anything other than NIS? I am not talking of using NIS ypdaemon but equivalent of nss_ldap.
Since netgroups are the UNIX equivalent of AD distribution groups and do not impact gid security group limits this appears to be an interesting option.