[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: groups in OpenLdap

At 06:29 AM 2001-10-21, Krzysztof Szewczyk wrote:
>I would like to ask you about groups in OpenLdap.
>What ObjecClasses group must have (groupOfNames, groupOfUniqueNames...?)?

Groups, in general, represent user application information.
You can use whatever class suits your application.

If the groups are intended for use with OpenLDAP ACLs, the
support groups of any class where the member (not necessarily
called 'member') attributes are DNs (or NameAndOptionalOID)
syntax.  Generally groupOfNames/member or
groupOfUniqueNames/uniqueMember are used here.

>At which level you create them (is there a difference they will be 
>dirrectly under suffix or under organizational units)?

At any level you desire.  Some folks like to place groups
under an organizational unit, others don't.

>If example entry is possible... 

dn: cn=group,dc=example,dc=com
objectclass: groupOfNames
cn: group
member: cn=member,dc=example,dc=com

>Thanks a lot for help
>I needs groups for proxy access (i did not hear about an authorization 
>program that can work with groups for squid so i anyone know please let me