Re: Groups

[Buchan Milne <bgmilne@obsidian.co.za>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Digant Kasundra wrote:
|>The problem though is that the memberUid attribute is a
|>username (not a DN), which openldap can't do very much with ...
|>
|>There is a schema around which allows a single DN to be both
|>groupOfNames and posixGroup, but it doesn't solve the above
|>problem ... (memberUid vs member).
|>
|
|
| Well, I don't mind the memberUid vs member problem b/c I don't really mind
| having both attributes in the same entry.  I'd rather have duplicated
| information the same entry than have duplicated information in two
different
| entries in two different branches.
|
| So, I assume that OpenLDAP doesn't require the objectclass to be
| groupOfNames in order for the group functions to work.  In which case,
I can
| go ahead with making the objectclasses posixGroup (since NSS *does*
require
| the objectclass to be posixGroup) and add an auxilliary objectclass that
| will allow for the member attribute.

Or, you can just make one of them auxiliary ... and nothing else is
really affected.

I think there is a draft schema around that does that already.

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBBn12rJK6UGDSBKcRAm79AJ4gHNwN+nFw7cTfRHue9QLPELRoAwCbBIDZ
ofRm3itwtJs7vM4OYg3kRII=
=QfzT
-----END PGP SIGNATURE-----