# The LDAP version to use
ldap_version 3
+
+# Use the uniqueMember property, referring to dn's instead of the memberUid
+# property referring to usernames. This allows us to have group members with or
+# without an account, and give a group member an account without having to
+# change all his memberships.
+nss_schema rfc2307bis
+
+# Use our custom posixGroup replacement
+nss_map_objectclass posixGroup simplePosixGroup