Re: Distribution lists?

Typically, a list in LDAP is defined by objectclass
groupOfMembers and/or GroupOfUniquemembers, and
people are part of the group by having their dn
listed in the member or uniquemember attribute,
respectively.  There are also groups as defined
in rfc... don't know the number off hand... that
defines things like Unix groups for nss/pam
stuff, though I'm not sure if that's different
or fits in with groupOf(unique)members or not.

'Course, to LDAP, these are just objectclasses
and attributes.  It really comes down to 1)
common or defined usage (the above are in the
LDAP v3 specs - not sure about v2/OpenLDAP), and
2) how the "clients" (which may be other servers)
interpret those fields.  For instance, Netscape
servers used to treat any dn listed in member
or uniquemember to be part of a group.  Recently,
they dropped support of member as a group member
in at least their mail server, probably in web
and others as well.  In Netscape's mail server,
if your "group" is a mailing list, mgrprfc822mailmember
is treated as part of the group for mailing lists
(as cc'd members, actually), but the web servers
don't use that attribute for authing access.
Netscape also has a way of defining a "dynamic"
group with an LDAP URL filter, which only they
support, and only in some versions of some servers
(4.x servers should all support it where appropriate
I think).

The end result is that you define groups based
on how your server defines groups, hoping they
all use a common format.  Reality is that even
though there are some definitions in RFCs and
things, there's nothing stopping a vendor
or developer from defining a group a different way.

What mail server software are you using?  That is
what will define it.

>Ken Hughes wrote:
>Is there a way to create a distribution list
>on an LDAP server? A request was made for a
>"All users" entry that could be used as a
>broadcast address, but to have it centralized.
>Apologies if these are stupid questions. I'm
>still getting up to speed with LDAP. TIA Ken Hughes

 Jeff Clowser               
 mailto:jclowser@aerotek.com       Hanover MD  21076 USA
 Phone: (410)-579-4328             7312 Parkway Drive
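
The divergence described in the message above, as an added example that is not part of the original post: one group entry is read by three consumers that each trust a different set of membership attributes, and the values they disagree on are reported. This matters wherever the same entry drives both mail delivery and access checks. The profile names, the attribute set chosen for each profile, and the example.com entry are assumptions constructed for illustration.

```python
# Added illustration, not from the original message. Attribute sets per
# consumer are assumptions modelled on the behaviour the message describes.
PROFILES = {
    "older server": ("member", "uniquemember"),
    "newer mail server": ("uniquemember", "mgrprfc822mailmember"),
    "web server access check": ("uniquemember",),
}

# Constructed sample entry (placeholder names, not schema-checked).
SAMPLE_LDIF = """\
dn: cn=All Users,ou=Groups,dc=example,dc=com
cn: All Users
member: uid=alice,ou=People,dc=example,dc=com
uniqueMember: uid=bob,ou=People,dc=example,dc=com
uniqueMember: uid=carol,
 ou=People,dc=example,dc=com
mgrpRFC822MailMember: dave@example.net
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}.
    Handles folded lines; base64 ("attr:: ...") values are not decoded."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def members(entry, attrs):
    """Values a consumer counts as members, lowercased for comparison."""
    return {v.lower() for a in attrs for v in entry.get(a, [])}

def divergence(entry, profiles=PROFILES):
    """Return ({profile: members}, values counted by some profiles but not all)."""
    seen = {name: members(entry, attrs) for name, attrs in profiles.items()}
    disputed = set().union(*seen.values()) - set.intersection(*seen.values())
    return seen, disputed

if __name__ == "__main__":
    seen, disputed = divergence(parse_entry(SAMPLE_LDIF))
    for name, who in seen.items():
        print(f"{name}: {sorted(who)}")
    print("counted by some consumers but not all:", sorted(disputed))
```

A non-empty disputed set is the thing to review before relying on one group entry for more than one server.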