posixgroups vs groupofnames



Hey;

Here's the end goal: Have the ability to have posixgroup style support for
gid <-> group_name translation and the ability to use memberof style searches
without data duplication.

In short:

# ldapsearch -xLLL -s sub '(uid=doleary)' memberof
dn: uid=doleary,ou=users,dc=oci,dc=com
memberOf: cn=infra,ou=groups,dc=oci,dc=com
memberOf: cn=ldap-Administrators,ou=groups,dc=oci,dc=com
memberOf: cn=infosec,ou=groups,dc=oci,dc=com
memberOf: cn=dba,ou=groups,dc=oci,dc=com

and

# groups doleary
doleary : ldap-users ldap-Administrators infosec infra

Using a standard rfc2307 install, the only way I was able to get there was by
having duplicate groups, one posix and one groupofnames.

I've been playing around with rfc2307bis the last few days.  While I'm able to
have one group, in order to support the desired functionality, I still have to
have two member types in that group - member and memberuid:

# ldap -search cn=infra
-----------------------------------------------------------------------
dn:cn=infra,ou=groups,dc=oci,dc=com

         cn: infra
objectClass: top
             groupOfNames
             posixGroup
     member: cn=admin,dc=oci,dc=com
             uid=doleary,ou=users,dc=oci,dc=com
description: System Admins
  gidNumber: 610
  memberUid: doleary

Short version: is there a way to achieve this ability without duplicating
data?

Any info greatly appreciated.  Thanks for your time.

Doug O'Leary
------------
Senior UNIX/Security Admin
CISSP, CISA, RHCE, CEH
O'Leary Computers Inc
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
linkedin: http://www.linkedin.com/in/dkoleary
resume: http://www.olearycomputers.com/resume.html
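
Added example, not part of the original post: while a group carries both member and memberUid, as the cn=infra entry above does, the two copies can drift apart, and DN-based lookups (memberOf) then disagree with uid-based lookups (groups). This Python check audits LDIF for that drift; the second sample entry, its user names and all function names are constructed for illustration, and the parser assumes unfolded, non-base64 LDIF.

```python
# Constructed sample LDIF: the first entry is modelled on the cn=infra group
# in the post; the second entry and its user names are invented to show drift.
SAMPLE_LDIF = """\
dn: cn=infra,ou=groups,dc=oci,dc=com
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 610
member: cn=admin,dc=oci,dc=com
member: uid=doleary,ou=users,dc=oci,dc=com
memberUid: doleary

dn: cn=example-drift,ou=groups,dc=oci,dc=com
objectClass: groupOfNames
objectClass: posixGroup
member: uid=alice,ou=users,dc=oci,dc=com
member: uid=carol,ou=users,dc=oci,dc=com
memberUid: alice
memberUid: bob
"""

def parse_ldif(text):
    """Parse simple LDIF (assumed: no folded lines, no base64 values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def uid_from_dn(dn):
    """Return the uid when the DN's first RDN is uid=..., otherwise None."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def membership_drift(entry):
    """Compare uids derived from member DNs with the memberUid values."""
    from_dn = {u for u in map(uid_from_dn, entry.get("member", [])) if u}
    from_uid = set(entry.get("memberuid", []))
    return {"only_member": sorted(from_dn - from_uid),
            "only_memberUid": sorted(from_uid - from_dn)}

def audit(text):
    """Map each group DN to its drift; two empty lists mean the copies agree."""
    return {e["dn"][0]: membership_drift(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Members whose DN does not start with uid= (such as cn=admin above) are skipped, since they have no memberUid counterpart to compare against.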