Howard Chu wrote: > Michael Ströder wrote: >> Brendan Kearney wrote: >>> As a caveat to my ACLs, most of my groups are the posixGroup class. >>> from what i understand, that means i need to use set ACLs, instead of >>> group ACLs. >> >> I guess you're talking about RFC2307 vs. RFC2307bis posixGroup definition. >> >>> In my searching, i have found an explicit reason to keep using the >>> posixGroup type, as NFSv4 ACLs can only use posixGroup types of groups. >>> the dependency is because of the use of memberUid attributes. >> >> Well, so I'll keep my custom hybrid group schema for now: >> >> objectclass ( some-custom-oid-here >> NAME 'hybridPosixGroup' >> DESC 'Group for mixed group schema RFC 2307 and RFC 2307bis' >> STRUCTURAL >> SUP ( groupOfNames $ posixGroup ) ) >> >> The caveat is that you have to synchronously maintain attributes 'member' and >> 'memberUID'. In my deployments web2ldap does that for me. > > There is no reason to maintain both. pam_ldap/nss_ldap both support RFC2307bis > natively, as do nssov and nss-pam-ldapd. In some environments you do not control the configuration of all (legacy) clients. Ciao, Michael.
Description: S/MIME Cryptographic Signature