Re: can posixGroup be configured to contain other posixGroups?
On Sunday 03 November 2002 11:56, Oliver George wrote:
> I can see that posixGroup is intended to only contain memberuid's in the
> same way that /etc/group lists uid's. It's logical at times for groups
> to be members of other groups, how do administrators get around this
posixGroup is the way to represent /etc/group in LDAP.
Its attribute memberUid may have values that are either
user account names or DNs (according to Luke Howard's
extension to RFC2307 http://www.padl.com/~lukeh/rfc2307bis.txt
[last paragraph on page 11])
Although it is technically no problem to write DNs of groups into
the memberUid attribute I doubt if any other software than your own
can make use of it.
Using group DNs as memberUids may even break other software
since it does not expect the nested-groups situation.
(The intention of posixGroup was to create an LDAP equivalent
for /etc/groups which does not allow nested groups)
To create recursive groups I'd suggest using other objectclasses
such as groupOfNames or groupOfUniqueNames.
Peter Marschall | eMail: firstname.lastname@example.org
Scheffelstraße 15 | email@example.com
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35
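
An added example, not part of the original post: one way to flatten nested groupOfNames entries into the plain account names that a posixGroup's memberUid expects, guarding against membership cycles, dangling DNs and runaway nesting. The directory contents, the DNs and the `flatten_members` helper are constructed for illustration, and DN matching is simplified to lowercasing.

```python
# Added illustration: expand nested groupOfNames into flat posixGroup memberUid values.
# DIRECTORY is constructed sample data standing in for LDAP search results.
BASE = "dc=example,dc=org"
DIRECTORY = {
    f"uid=alice,ou=people,{BASE}": {"objectClass": ["posixAccount"], "uid": ["alice"]},
    f"uid=bob,ou=people,{BASE}": {"objectClass": ["posixAccount"], "uid": ["bob"]},
    f"uid=carol,ou=people,{BASE}": {"objectClass": ["posixAccount"], "uid": ["carol"]},
    f"cn=staff,ou=groups,{BASE}": {
        "objectClass": ["groupOfNames"],
        "member": [
            f"uid=bob,ou=people,{BASE}",
            f"UID=Carol,ou=People,{BASE}",      # same entry, different case
            f"cn=admins,ou=groups,{BASE}",      # cycle back to the parent group
            f"uid=ghost,ou=people,{BASE}",      # dangling DN, no such entry
        ],
    },
    f"cn=admins,ou=groups,{BASE}": {
        "objectClass": ["groupOfNames"],
        "member": [f"uid=alice,ou=people,{BASE}", f"cn=staff,ou=groups,{BASE}"],
    },
}


def flatten_members(group_dn, directory, max_depth=8):
    """Return sorted account names reachable from group_dn via nested groups."""
    uids, seen = set(), set()
    stack = [(group_dn, 0)]
    while stack:
        dn, depth = stack.pop()
        key = dn.lower()  # simplified DN matching (assumption): lowercase only
        if key in seen:
            continue  # already expanded: breaks membership cycles
        seen.add(key)
        entry = directory.get(key)
        if entry is None:
            continue  # dangling member DN: grants nothing
        classes = {c.lower() for c in entry.get("objectClass", [])}
        if "groupofnames" in classes:
            if depth > max_depth:
                raise ValueError(f"nesting deeper than {max_depth} at {dn}")
            stack.extend((m, depth + 1) for m in entry.get("member", []))
        elif "posixaccount" in classes:
            uids.update(entry.get("uid", []))
    return sorted(uids)


if __name__ == "__main__":
    print(flatten_members(f"cn=admins,ou=groups,{BASE}", DIRECTORY))
```

The returned list can be written out as the memberUid values of an ordinary posixGroup, so software that only understands flat groups never sees a group DN.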