Yes, I mean nested groups, ...and IT WORKS!
Just because of the 'member' attribute: just add it to the
'posixGroup' objectclass, and you can add
members like this:
--
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: Domain Admin
gidNumber: 43277
memberUid: admin
displayName: Domain Admin
sambaGroupType: 5
sambaSID: S-1-5-21-4294967295-4294967295-4294967295-512
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org
--
where IT is another posixGroup.
As a result, members of the IT group become 'Domain Admins'.
I told you, it must work; you try it. I have already tested with Samba ACL
shares (and my Samba is looking for LDAP).
(..sorry for my English)
----- Original Message -----
From: "Michael Ströder" <michael(a)stroeder.com>
To: <vip43(a)mail.ru>
Cc: <openldap-technical(a)openldap.org>
Sent: Monday, January 21, 2008 9:48 PM
Subject: Re: > posixGroup & memberOf
vip43(a)mail.ru wrote:
> HOW to make posixGroup a memberOf another posixGroup?? ...
You mean nested groups?
Deploying posixGroup is the very same concept as Unix groups in
/etc/group. And there is no such concept as nested groups there.
> objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
> DESC 'Abstraction of a group of accounts'
> SUP top STRUCTURAL
> MUST ( cn $ gidNumber )
> MAY ( userPassword $ memberUid $ member $ description ) )
> -----------
> and where is "memberOf" ??
The attribute 'memberUid' contains the numeric Unix UID of all member
users of a 'posixGroup'. But where do you have this declaration with
attribute 'member' from? Normally it's not declared with attribute
'member'.
memberOf is a completely different thing. It's a dynamically generated
back-link from the user's entry to all the group entries a user is a
member of. It cannot be used in conjunction with 'posixGroup' though.
See also man-page slapo-memberof(5).
Ciao, Michael.
--
Michael Ströder
E-Mail: michael(a)stroeder.com
http://www.stroeder.com
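
Added example, not part of the original messages: if the consuming service expands nested 'member' values, as the reply reports for Samba, one 'member' line on a privileged group extends it to every account in the nested group, so this Python sketch expands the nesting from an LDIF export and reports each account with the chain of groups that grants it. The first entry is a trimmed copy of the one in the message; the IT entry's contents (alice, bob, the back-reference) and all function names are assumptions made for the demonstration.

```python
# Added example: constructed data, not code from the thread.
SAMPLE_LDIF = """\
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
objectClass: posixGroup
cn: Domain Admin
memberUid: admin
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org

dn: cn=IT,ou=Groups,dc=my,dc=org
objectClass: posixGroup
cn: IT
memberUid: alice
memberUid: bob
member: cn=Domain Admin,ou=Groups,dc=my,dc=org
"""  # the IT entry (alice, bob, back-reference) is constructed for the demo

def norm_dn(dn):
    # Simplified comparison: case-fold and trim each RDN (no escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Map normalized DN -> {attribute: [values]} for plain, unfolded LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def effective_members(entries, group_dn):
    """Return ({uid: chain of group cns granting it}, unresolved member DNs)."""
    uids, unresolved, seen = {}, set(), set()
    stack = [(norm_dn(group_dn), ())]
    while stack:
        dn, path = stack.pop()
        if dn in seen:          # cycle or diamond: visit each group once
            continue
        seen.add(dn)
        entry = entries.get(dn)
        if entry is None:       # member DN is a user entry or lives elsewhere
            unresolved.add(dn)
            continue
        here = path + (entry["cn"][0],)
        for uid in entry.get("memberuid", []):
            uids.setdefault(uid, here)
        for child in entry.get("member", []):
            stack.append((norm_dn(child), here))
    return uids, unresolved
```

Member DNs reported as unresolved are the ones to check by hand, since the export does not show what they contain.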