Re: Usermod problems with ldap

[Michael Ströder <michael@stroeder.com>]

okossuth@antel.com.uy wrote:
> Ok so you are telling me to not use usermod at all and just do the modifications with 
> a LDAP client tool like phpldapadmin?

Yes, if the LDAP client tool manages the right attribute. I don't know
phpldapadmin in detail.

This default configuration for group maintenance is in the standard
source distribution of web2ldap:

    # The definitions for group entry administration
    groupadm_defs={
      'groupOfNames':       ('member',None),
      'groupOfUniqueNames': ('uniqueMember',None),
      'organizationalRole': ('roleOccupant',None),
      'rfc822MailGroup':    ('mail','mail'),
      'nisMailAlias':       ('rfc822MailMember','mail'),
      'mailGroup':          ('mgrprfc822mailmember','mail'),
      # Found on IBM SecureWay Directory
      'accessGroup':        ('member',None),
      # RFC2370
      'posixGroup':         ('memberUid','uid'),
      'nisNetgroup':        ('memberNisNetgroup','uid'),
      # Samba 3.0
      'sambaGroupMapping':  ('sambaSID','sambaSID'),
      # Active Directory
      'group':              ('member',None),
      # draft-findlay-ldap-groupofentries
      'groupOfEntries':     ('member',None),
    },

I think you get the idea. It can be customized for particular LDAP
target servers or name spaces to meet your needs. Being the author of
web2ldap I'm biased off course.

Ciao, Michael.