[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: questions about acls.



> >> Luke Howard suggests making posixGroups auxiliary object classes to an
> >> actual groupOfNames oc.
> >
> >would i do this by editing the nis.schema and changing the objectclass
> >definition of posixGroup from having "SUP top" to "SUP groupOfNames"?
>
> You certainly should NOT muck with existing schema. Schema once
> published should be viewed as static.

my problem is that i don't know what an "auxiliary object class" is?  is
luke howard advocating what you say shouldn't be done or am i
misunderstanding?

> You can extend it, you can replace it.  Both requiring defining new
> schema items with new OIDs.

okay so if i want the group acl to work what are the requirements, does it
just have to have the "member" attribute available?  like this:

objectclass ( x.x.x.x.x.x.x NAME 'myPosixGroup' SUP top STRUCTURAL
        DESC 'Abstraction of a group of accounts'
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description $ member ) )

and what do i use for the oid if i don't have registered space?

adam.