[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: groupOf [Unique] Names - which to use?
On Fri, Oct 08, 1999 at 09:07:20AM +1300, Graeme Joyce wrote:
> I remember reading somewhere that groupOfUniqueNames is a Netscape defined
> objectClass. I see the standard OpenLdap schema only includes groupOfNames.
>
> What is the problem that required the groupOfUniqueNames objectClass to be
> defined?
>
> In what situations should a group have objectClass=groupOfUniqueNames rather
> than groupOfNames (or both..)?
If you are using the netscape schema you might prefer it.
> We're starting to define groups for access control so I'd like to get this
> right.
If you are using openldap server you can specify the group objectclass and
attribute using the following syntax:
group/objectClassValue/groupAttrName
So:
group="cn=SysAdmin,l=$2"
is the equivalent of:
group="cn=SysAdmin,l=$2/groupOfNames/member"
and you may prefer:
group="cn=SysAdmin,l=$2/groupOfUniqueNames/uniqueMember"
If someone from netscape is reading the list maybe the can enlighten us on
what the implied semantic differences are between the two types of groups
are.
--
Stuart Lynne <sl@fireplug.net> __O
<http://edge.fireplug.net> _-\<,_ 604-461-7532
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 (_)/ (_) 88 EC A3 EE 2D 1C 15 68