What I mean with "this" in "in AD this is possible" is the fact that you can assign group membership to OU membership ("When user A is member of OU B, user A will become member of group C").
Afaik this is not possible with OpenLDAP. If it is, I would really like to know how. My only bet is with dynamic groups/list, but I have no idea how.
Fred
2012/2/23 Buchan Milne bgmilne@staff.telkomsa.net
On Wednesday, 22 February 2012 11:22:55 Fred van Zwieten wrote:
Hi all,
warning: openldap newbie..
is it possible to have a person put into an OU and, because of this, will become member of some group in such a way that this group shows up in Linux using "id". This to implement some form of RBAC. I found groupOfMembers, but that has nothing to do with OUs. Also, it seems posixGroup and groupOfMembers objecttypes are no longer allowed together because they are both STRUCTURAL.
Not in nis.schema, but in rfc2307bis.schema, posixGroup is not structural.
In AD this is possible.
It is possible in OpenLDAP too. Just now with nis.schema. Most LDAP clients support rfc2307bis.
Regards, Buchan