[Date Prev][Date Next]
Re: keep posixGroup, memberUID and groupOfNames with member synchronous
> for samba, pam on linux, squid and others we use the standard posixGroup with
> memberUID attributes for the groupmemebershios. Now we would like to user the
> LDAP autentication module in the checkpoint firewall.
> This expects the members of a group as groupOfNames member attributes with the
> full dn .
> Is there a way to configure openLDAP to keep keep the groupofNames
> automatically in sync with the posixGroup ?
I don't know a server-side solution.
In such cases (I try to avoid if possible) I'm using a custom group object
class which provides both:
objectclass ( my-custom-oid
DESC 'Posix group for mixed group schema RFC 2307 and RFC 2307bis'
SUP ( groupOfNames $ posixGroup )
Then I can maintain this group entries with web2ldap which maintains both
attributes. Changing a group membership results in both attributes being
updated with a single ModifyRequest.