[Date Prev][Date Next]
Re: Types of Groups, Structural objects and Inheritance
Michael Ströder wrote:
Brendan Kearney wrote:
As a caveat to my ACLs, most of my groups are the posixGroup class.
from what i understand, that means i need to use set ACLs, instead of
I guess you're talking about RFC2307 vs. RFC2307bis posixGroup definition.
In my searching, i have found an explicit reason to keep using the
posixGroup type, as NFSv4 ACLs can only use posixGroup types of groups.
the dependency is because of the use of memberUid attributes.
Well, so I'll keep my custom hybrid group schema for now:
objectclass ( some-custom-oid-here
DESC 'Group for mixed group schema RFC 2307 and RFC 2307bis'
SUP ( groupOfNames $ posixGroup ) )
The caveat is that you have to synchronously maintain attributes 'member' and
'memberUID'. In my deployments web2ldap does that for me.
There is no reason to maintain both. pam_ldap/nss_ldap both support RFC2307bis
natively, as do nssov and nss-pam-ldapd.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/