
Re: > posixGroup & memberOf



Yes, I mean nested groups, ...and IT WORKS!
Just because of the 'member' attribute: just add it to the 'posixGroup' objectclass, and you can add
members like this:
--
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: Domain Admin
gidNumber: 43277
memberUid: admin
displayName: Domain Admin
sambaGroupType: 5
sambaSID: S-1-5-21-4294967295-4294967295-4294967295-512
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org
--
where IT is another posixGroup.
As a result, members of the IT group become 'Domain Admins'.
I told you, it must work. You try it; I have already tested it with Samba ACL shares (and my Samba looks to LDAP).
(Sorry for my English.)



----- Original Message ----- From: "Michael Ströder" <michael@stroeder.com>
To: <vip43@mail.ru>
Cc: <openldap-technical@openldap.org>
Sent: Monday, January 21, 2008 9:48 PM
Subject: Re: > posixGroup & memberOf



vip43@mail.ru wrote:
HOW to make posixGroup a memberOf another posixGroup?? ...

You mean nested groups?
Deploying posixGroup is the very same concept like Unix groups in /etc/group. And there is no such concept like nested groups there.


objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ member $ description ) )
-----------
and where is "memberOf" ??

The attribute 'memberUid' contains the numeric Unix UID of all member users of a 'posixGroup'. But where do you have this declaration with attribute 'member' from? Normally it's not declared with attribute 'member'.


memberOf is a completely different thing. It's a dynamically generated back-link from the user's entry to all the group entries a user is a member of. It cannot be used in conjunction with 'posixGroup' though.

See also man-page slapo-memberof(5).

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
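
Added example, not part of the original thread and not OpenLDAP or Samba code: a Python audit sketch that expands the nested `member` DNs of a posixGroup, as in the entry posted above, to list every `memberUid` that ends up in the privileged group. The IT entry with its uids and gidNumber is constructed, and comparing DNs by lowercasing them is a simplifying assumption.

```python
# Added example: resolve effective membership of a posixGroup whose
# 'member' values point at other groups. The IT entry below is constructed.
SAMPLE_LDIF = """\
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
objectClass: posixGroup
cn: Domain Admin
gidNumber: 43277
memberUid: admin
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org

dn: cn=IT,ou=Groups,dc=my,dc=org
objectClass: posixGroup
cn: IT
gidNumber: 50001
memberUid: alice
memberUid: bob
member: cn=Domain Admin,ou=Groups,dc=my,dc=org
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def effective_members(entries, group_dn):
    """Return (uids, nested group DNs, unresolved DNs) reachable from group_dn."""
    uids, unresolved = set(), set()
    seen, stack = set(), [group_dn.lower()]
    while stack:
        dn = stack.pop()
        if dn in seen:            # guard against groups that contain each other
            continue
        seen.add(dn)
        entry = entries.get(dn)
        if entry is None:         # DN not in the export: report it, do not guess
            unresolved.add(dn)
            continue
        uids.update(entry.get("memberuid", []))
        stack.extend(m.lower() for m in entry.get("member", []))
    nested = seen - {group_dn.lower()} - unresolved
    return uids, nested, unresolved
```

Run it over an LDIF export of the groups subtree and review the returned uids for each privileged group; the unresolved set lists `member` DNs that were not in the export and need a separate lookup.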