[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Types of Groups, Structural objects and Inheritance

Brendan Kearney wrote:
> As a caveat to my ACLs, most of my groups are the posixGroup class.
> from what i understand, that means i need to use set ACLs, instead of
> group ACLs.

I guess you're talking about RFC2307 vs. RFC2307bis posixGroup definition.

> In my searching, i have found an explicit reason to keep using the
> posixGroup type, as NFSv4 ACLs can only use posixGroup types of groups.
> the dependency is because of the use of memberUid attributes.

Well, so I'll keep my custom hybrid group schema for now:

objectclass ( some-custom-oid-here
  NAME 'hybridPosixGroup'
  DESC 'Group for mixed group schema RFC 2307 and RFC 2307bis'
  SUP ( groupOfNames $ posixGroup ) )

The caveat is that you have to synchronously maintain attributes 'member' and
'memberUID'. In my deployments web2ldap does that for me.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature