Le 08/09/2016 à 09:45, Clément OUDOT a écrit :
Le 08/09/2016 à 04:52, Ryan Tandy a écrit :On Wed, Sep 07, 2016 at 11:10:30PM +0200, MegaBrutal wrote:I also figured that memberOf would need groupOfNames groups, while I need posixGroup type groups. I evaluated the possibility to use groupOfNames, but it lacks the necessary gidNumber attribute which is a requirement for Unix groups.This is the key issue.A draft schema known as "rfc2307bis" exists, which replaces (!) the published RFC2037 schema with one compatible with groupOfNames.A published solution to this problem does not currently exist. In the past year there have been some discussions on the ldapext list. You can find the archives of that list at:https://www.ietf.org/mailman/listinfo/ldapextHi,as a workaround, I often create a small connector that synchronises posixGroup objects into groupOfNames. It's really easy to do with LSC (http://www.lsc-project.org).With this, you only manage POSIX groups, and standard groups are updated automatically. You can then use the memberOf overlay on groupOfNames.
In case this solution interest someone, I wrote a small tutorial to configure LSC for it: https://lsc-project.org/documentation/tutorial/synchronizeposixgroupstogroupofnames
-- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot