
Re: posixGroup and groupofNames



On 26/02/2010 08:38, Dieter Kluenter wrote:
> Siddhartha Jain <sjain@silverspringnet.com> writes:
>
>> Hi,
>>
>> Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes,
>> posixgroup and groupofnames are structural causing conflicts if one
>> wants to use both. And while RFC2307bis is deleted by IETF, RFC2307
>> doesn't seem to have the same traction (or, does it)? So, what's a
>> good option? Simply switch posixgroup to AUX in
>> /etc/openldap/schema/nis.schema?
>
> Both object classes follow different concepts. Object class
> groupOfNames requires a member attribute type:
>
> member: cn=foo bar,ou=people,dc=example,dc=conm
>
> while posixgroup requires memberUid attribute type:
>
> memberUid: foo
>
> You should probably check what your applications need.

Alternatively, if you really need both, you can use a dynamic group to provide similar behavior, see slapo-dynlist(5). This would in effect mean you have 2 groups: one listing members, and another one, dynamically filled from the contents of the first.

Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
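
The thread contrasts `member` (a DN) with `memberUid` (a login name) and mentions keeping two groups, one filled from the other. As an added example that is not part of the original messages, this Python check resolves each `member` DN to that entry's `uid` and reports where a separately maintained `memberUid` list differs. All entries, `uid` values and function names are constructed for illustration, and the DN handling assumes no escaped commas.

```python
# Added example: all directory entries below are constructed sample data.

def norm_dn(dn):
    """Crude DN normalisation: lower-case and trim spaces around each RDN.
    Assumes no escaped commas; a real tool should use an LDAP DN parser."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(parts)

def expected_member_uids(group_of_names, people):
    """Resolve each member DN to that entry's uid values.
    Returns (set_of_uids, list_of_unresolved_dns)."""
    by_dn = {norm_dn(dn): attrs for dn, attrs in people.items()}
    uids, unresolved = set(), []
    for dn in group_of_names["member"]:
        entry = by_dn.get(norm_dn(dn))
        if entry and entry.get("uid"):
            uids.update(entry["uid"])
        else:
            unresolved.append(dn)  # member DN with no matching person entry
    return uids, unresolved

def compare_groups(group_of_names, posix_group, people):
    """Report where the posixGroup memberUid list differs from the groupOfNames."""
    expected, unresolved = expected_member_uids(group_of_names, people)
    actual = set(posix_group.get("memberUid", []))
    return {
        "missing_from_posix": sorted(expected - actual),
        "only_in_posix": sorted(actual - expected),
        "unresolved_members": unresolved,
    }

PEOPLE = {
    "cn=foo bar,ou=people,dc=example,dc=com": {"uid": ["foo"]},
    "cn=jane doe,ou=people,dc=example,dc=com": {"uid": ["jane"]},
}
GROUP_OF_NAMES = {"member": [
    "CN=Foo Bar, OU=People, DC=example, DC=com",   # same entry, different spelling
    "cn=jane doe,ou=people,dc=example,dc=com",
    "cn=gone user,ou=people,dc=example,dc=com",    # no such person entry
]}
POSIX_GROUP = {"memberUid": ["foo", "olduser"]}

if __name__ == "__main__":
    for key, values in compare_groups(GROUP_OF_NAMES, POSIX_GROUP, PEOPLE).items():
        print(key, values)
```

An entry under `only_in_posix` is an account that still gets POSIX group access although the DN-based group no longer lists it, which is the kind of mismatch two hand-maintained groups tend to accumulate.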