Not being very familiar with LDAP schemas, I'm struggling with the identifiers of people and groups in an OpenLDAP directory. This question should not be specific to OpenLDAP, but I have not found anything clear in the RFCs.
My current understanding is:
- uidNumber is a unique number amongst users (posixAccount??), thus each instance of objectclass posixAccount has a different uidNumber (which is generated by the directory I assume??),
- gidNumber is the same thing as above but for posixGroup instances.
- posixAccount also has a gidNumber attribute, but this is the gidNumber referencing the primary group of this user.
I would like to browse the attributes of the members of a posixGroup, and I suppose that this is contained in the memberUid multi-valued attribute.
So, my question is simple: if I'm not wrong until now, what attribute is contained in memberUid for referencing users and groups? Should it be an attribute for which unicity is preserved amongst posixAccount AND posixGroup? If it is not (which is the case for gidNumber and uidNumber), how do you know whether it is a group or a user you have to search for, and how can you retrieve the correct instance?
Thanks for your clues,