Re: keep posixGroup, memberUID and groupOfNames with member synchronous

andreas.moroder@sb-brixen.it wrote:
> For samba, pam on linux, squid and others we use the standard posixGroup with
> memberUID attributes for the group memberships. Now we would like to use the
> LDAP authentication module in the checkpoint firewall.
> This expects the members of a group as groupOfNames member attributes with the
> full DN.
> Is there a way to configure openLDAP to keep the groupOfNames
> automatically in sync with the posixGroup?

I don't know a server-side solution.

In such cases (which I try to avoid if possible) I'm using a custom group object
class which provides both:

objectclass ( my-custom-oid
  NAME 'myPosixGroup'
  DESC 'Posix group for mixed group schema RFC 2307 and RFC 2307bis'
  SUP ( groupOfNames $ posixGroup ) )

Then I can maintain these group entries with web2ldap, which maintains both
attributes. Changing a group membership results in both attributes being
updated with a single ModifyRequest.

Ciao, Michael.
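
The single-ModifyRequest update described in the reply above, together with a check for drift between `memberUid` and `member`, as an added example that is not part of the original post and is not web2ldap's code. The DNs, the sample entry and the rule that every member DN starts with `uid=<login>` are assumptions made for illustration.

```python
# Added example; DNs and entry data are constructed (dc=example,dc=org).
# Assumptions: member DNs start with uid=<login>, contain no escaped commas
# in that RDN, and all values are plain ASCII (no base64 LDIF needed).

def uid_from_dn(dn):
    """Return the uid value of the first RDN, or None if it is not uid=..."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    value = value.strip()
    return value if attr.strip().lower() == "uid" and value else None

def membership_change_ldif(group_dn, user_dn, action):
    """One LDIF change record (one ModifyRequest) touching both attributes."""
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    uid = uid_from_dn(user_dn)
    if uid is None:
        raise ValueError("user DN must start with uid=")
    return "\n".join([
        f"dn: {group_dn}", "changetype: modify",
        f"{action}: member", f"member: {user_dn}", "-",
        f"{action}: memberUid", f"memberUid: {uid}", "-", "",
    ])

def find_drift(entry):
    """Report memberships that appear in only one of the two attributes."""
    uids = set(entry.get("memberUid", []))
    derived, unparsable = set(), []
    for dn in entry.get("member", []):
        uid = uid_from_dn(dn)
        if uid is None:
            unparsable.append(dn)  # cannot be mapped to a memberUid value
        else:
            derived.add(uid)
    return {"only_memberUid": sorted(uids - derived),
            "only_member": sorted(derived - uids),
            "unparsable": unparsable}

GROUP = {  # constructed sample entry with deliberate drift
    "dn": "cn=fwadmins,ou=groups,dc=example,dc=org",
    "memberUid": ["alice", "bob"],
    "member": ["uid=alice,ou=people,dc=example,dc=org",
               "uid=carol,ou=people,dc=example,dc=org"],
}

if __name__ == "__main__":
    print(find_drift(GROUP))
    print(membership_change_ldif(
        GROUP["dn"], "uid=bob,ou=people,dc=example,dc=org", "add"))
```

Because groupOfNames requires at least one `member` value, a delete that would remove the last member is rejected by the server, and the whole change record fails with it.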