
RE: groupOfUniqueNames NIS



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tarjei Huse

> AFAIK nss_ldap from Padl supports both. Check the member attribute or
> something.

groupOfNames or groupOfUniqueNames is only used if you built
with --enable-rfc2307bis. Generally that's the most sensible way to build it,
but it's not the default.

> Also, make sure you run nscd and also spend some time on your indexes!
> tarjei
> Jerry Haltom wrote:
>
> >I am trying to define "groups" in LDAP. I need these groups to be
> >accessible from nss_ldap, but also some other sources would be nice.
> >I don't want to be redundant.

You need RFC2307bis if you want to avoid redundance.

> >What object classes should I use? I am unclear on whether I should use
> >posixGroup alone or groupOfUniqueNames. The groupOfUniqueNames sounds
> >good... but it conflicts with posixGroup:
> >
> >ldap_add: Object class violation (65)
> >        additional info: invalid structural object class chain
> >(posixGroup/groupOfUniqueNames)
> >
> >Help? :D

Define your own objectclass that has both posixGroup and groupOfUniqueNames
as SUPeriors. Or use some other AUXiliary objectclass that allows the
attributeTypes you're interested in using. There's no reason to use
groupOfUniqueNames in this case; nss_ldap never looks at the "Unique"
component of the name. Just use groupOfNames/member. Don't use the posixGroup
memberUid attribute at all, and forget about groupOfUniqueNames/uniqueMember.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
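
The following is an added example, not code from this thread or from nss_ldap: a sketch of rewriting a memberUid-style posixGroup entry into the groupOfNames/member form recommended in the reply. It assumes the server uses the RFC2307bis schema (where posixGroup is AUXILIARY), that every account lives at `uid=<name>,<user_base>`, and that the entry is a plain dict; the function names and sample DNs are constructed.

```python
# Added example. Assumptions: RFC2307bis schema on the server, accounts at
# uid=<name>,<user_base>, attribute names spelled canonically in the dict.

SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires escaping inside a DN value


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in SPECIALS else c for c in value)
    if value[:1] in (" ", "#"):                 # leading space or '#'
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):  # trailing space
        out = out[:-1] + "\\ "
    return out


def to_group_of_names(entry, user_base):
    """Return a copy of a posixGroup entry using member DNs, not memberUid."""
    uids = entry.get("memberUid", [])
    if not uids:
        # groupOfNames has MUST ( member $ cn ) in RFC 4519, so an empty
        # group cannot be converted without choosing a placeholder member.
        raise ValueError("groupOfNames requires at least one member")
    dropped = ("memberUid", "uniqueMember", "objectClass")
    new = {k: list(v) for k, v in entry.items() if k not in dropped}
    # groupOfNames is the structural class; posixGroup supplies gidNumber.
    new["objectClass"] = ["groupOfNames", "posixGroup"]
    new["member"] = [f"uid={escape_rdn_value(u)},{user_base}" for u in uids]
    return new


# Constructed sample entry (not from the thread).
SAMPLE = {
    "dn": ["cn=staff,ou=Groups,dc=example,dc=com"],
    "objectClass": ["posixGroup"],
    "cn": ["staff"],
    "gidNumber": ["5000"],
    "memberUid": ["alice", "smith, j"],
}

if __name__ == "__main__":
    converted = to_group_of_names(SAMPLE, "ou=People,dc=example,dc=com")
    for attr, values in converted.items():
        for v in values:
            print(f"{attr}: {v}")
```
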