Aneela Saleem wrote: > I have used 'posixGroup' objectClass for creating groups, and > 'posixAccount' object class for creating users, which uses 'gidNumber' > property to associate to a specific group (created by posixGroup). No! This is likeky a big misunderstanding. The attribute 'gidNumber' in 'posixAccount' entry solely specifies the *primary* group of a POSIX user account (like in /etc/passwd). When using traditional 'posixGroup' entries the multi-valued attribute contains 'memberUID' the usernames of the group members. > I have to sync LDAP users/groups in Apache Ranger, that uses 'groupOfNames' > object class and 'member/memberof' property in user object. But in > 'groupOfNames' objectClass we have to add members at the time of creation > of group. > > Is there any way that we can add members to already created groups later on? Yes. With a LDAP modify operation. Example as LDIF change record: dn: cn=group 1,dc=example,dc=com changetype: modify add: member member: uid=user1,dc=example,dc=com - Similar for removing group membership etc. Ciao, Michael.
Description: S/MIME Cryptographic Signature