Yes i mean nested groups, ...and IT WORK !
just because of 'member'-attribute, - just add it to
'posixGroup'-objectclass ,and you can add
members like this:
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
cn: Domain Admin
displayName: Domain Admin
where IT is another posixGroup,
As result - members of IT-group becomes to 'Domain Admins'
I told you - it must works, you try, i'm already tested with Samba acl
shares (and my Samba looking for Ldap)
(..sorry for my english
----- Original Message -----
From: "Michael Ströder" <michael(a)stroeder.com>
Sent: Monday, January 21, 2008 9:48 PM
Subject: Re: > posixGroup & memberOf
> HOW to make posixGroup a memberOf another posixGroup?? ...
You mean nested groups?
Deploying posixGroup is the very same concept like Unix groups in
/etc/group. And there is no such concept like nested groups there.
> objectclass ( 220.127.116.11.18.104.22.168 NAME 'posixGroup'
> DESC 'Abstraction of a group of accounts'
> SUP top STRUCTURAL
> MUST ( cn $ gidNumber )
> MAY ( userPassword $ memberUid $ member $ description ) )
> and where is "memberOf" ??
The attribute 'memberUid' contains the numeric Unix UID of all member
users of a 'posixGroup'. But where do you have this declaration with
attribute 'member' from? Normally it's not declared with attribute
memberOf is a completely different thing. It's a dynamically generated
back-link from the user's entry to all the group entries a user is a
member of. It cannot be used in conjunction with 'posixGroup' though.
See also man-page slapo-memberof(5).