
Re: OpenLDAP configuration for ldap-group authentication on Apache2.x



On Tuesday, 1 June 2010 17:04:59 Loren Cahlander wrote:

> And need to have groups being both posixGroup and groupOfUniqueNames.


I would rather use groupOfNames/member than groupOfUniqueNames/uniqueMember 
...

> Far below is my configuration.  If I try loading a group with the following:
> > dn: cn=my-dba,ou=Groups,dc=exist-db, dc=org
> > gidNumber: 9999
> > objectClass: posixGroup
> > objectClass: groupOfUniqueNames
> > uniqueMember: uid=lcahlander,ou=Users,dc=exist-db,dc=org
> > cn: my-dba
> 
> I get the following error:
> > ldap_add: Object class violation (65)
> > 	additional info: invalid structural object class chain
> > (posixGroup/groupOfUniqueNames)
> 
> Does anyone have a suggestion for how to deal with this error?

Two options:

1) Switch to rfc2307bis instead of rfc2307 (nis.schema)

This may require a bit of work for your ldap clients.

2) Add objectclass extensibleObject, and maintain both member and memberUid
attributes.

Regards,
Buchan
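
Option 2 in the reply above leaves two membership lists on each group entry (member holding DNs, memberUid holding login names) that have to be kept in agreement. The following is an added example, not part of the original thread, that reports groups where the two lists disagree. It assumes user entries are named uid=<login>,...; the second sample entry and the function names are made up for illustration.

```python
# Constructed sample: first entry is option 2 applied to the thread's group; second is made up.
SAMPLE_LDIF = """\
dn: cn=my-dba,ou=Groups,dc=exist-db,dc=org
objectClass: posixGroup
objectClass: extensibleObject
cn: my-dba
gidNumber: 9999
memberUid: lcahlander
member: uid=lcahlander,ou=Users,dc=exist-db,dc=org

dn: cn=example-ops,ou=Groups,dc=exist-db,dc=org
objectClass: posixGroup
objectClass: extensibleObject
cn: example-ops
gidNumber: 9998
memberUid: alice
member: uid=bob,ou=Users,dc=exist-db,dc=org
"""


def parse_ldif(text):
    """Parse plain 'attr: value' records (no base64 values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def uid_of(dn):
    """Login from the leading RDN; None unless it is uid=<login> (assumed naming)."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if name.strip().lower() == "uid" else None


def membership_drift(entries):
    """Map group DN -> (uids only in member, uids only in memberUid)."""
    drift = {}
    for e in entries:
        by_dn = {uid_of(dn) for dn in e.get("member", [])} - {None}
        by_uid = set(e.get("memberuid", []))
        if by_dn != by_uid:
            drift[e["dn"][0]] = (sorted(by_dn - by_uid), sorted(by_uid - by_dn))
    return drift


print(membership_drift(parse_ldif(SAMPLE_LDIF)))
```

Any group that appears in the output grants a different set of users depending on whether the client reads member or memberUid.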