Yes, I mean nested groups, ...and IT WORKS! Just because of the 'member' attribute - just add it to the 'posixGroup' objectclass, and you can add members like this:
--
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: Domain Admin
gidNumber: 43277
memberUid: admin
displayName: Domain Admin
sambaGroupType: 5
sambaSID: S-1-5-21-4294967295-4294967295-4294967295-512
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org
--
where IT is another posixGroup. As a result, members of the IT group become 'Domain Admins'.

I told you - it must work. You try it; I have already tested it with Samba ACL shares (and my Samba looks to LDAP).

(..sorry for my English)
----- Original Message -----
From: "Michael Ströder" michael@stroeder.com
To: vip43@mail.ru
Cc: openldap-technical@openldap.org
Sent: Monday, January 21, 2008 9:48 PM
Subject: Re: > posixGroup & memberOf
vip43@mail.ru wrote:
HOW to make posixGroup a memberOf another posixGroup?? ...
You mean nested groups? Deploying posixGroup is the very same concept like Unix groups in /etc/group. And there is no such concept like nested groups there.
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
    DESC 'Abstraction of a group of accounts'
    SUP top STRUCTURAL
    MUST ( cn $ gidNumber )
    MAY ( userPassword $ memberUid $ member $ description ) )
and where is "memberOf" ??
The attribute 'memberUid' contains the numeric Unix UID of all member users of a 'posixGroup'. But where do you have this declaration with attribute 'member' from? Normally it's not declared with attribute 'member'.
memberOf is a completely different thing. It's a dynamically generated back-link from the user's entry to all the group entries a user is a member of. It cannot be used in conjunction with 'posixGroup' though.
See also man-page slapo-memberof(5).
Ciao, Michael.
--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
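
Added example, not part of the mailing-list thread or of any project's code: if a consumer honors nested 'member' DNs on posixGroup entries as the reply describes, anyone who can edit an inner group can change who holds Domain Admin rights. This sketch resolves the effective memberUid set of a group from an LDIF export, guarding against membership loops and reporting member DNs that have no entry. The sample LDIF is constructed (the Helpdesk group and the uids alice and carol are hypothetical), and the parser assumes unfolded, non-base64 LDIF.

```python
# Added example: audit effective membership across nested 'member' links.
SAMPLE_LDIF = """\
dn: cn=Domain Admin,ou=Groups,dc=my,dc=org
memberUid: admin
member: cn=IT,ou=Groups,dc=my,dc=org
member: cn=internet,ou=Adv,dc=my,dc=org

dn: cn=IT,ou=Groups,dc=my,dc=org
memberUid: alice
member: cn=Helpdesk,ou=Groups,dc=my,dc=org

dn: cn=Helpdesk,ou=Groups,dc=my,dc=org
memberUid: carol
member: cn=IT,ou=Groups,dc=my,dc=org
"""  # constructed data; objectClass and other attributes omitted for brevity

def normalize_dn(dn):
    # Naive normalization: assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple, unfolded LDIF into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[normalize_dn(attrs["dn"][0])] = attrs
    return entries

def effective_members(entries, group_dn):
    """Follow 'member' links; return (uids, DNs with no entry in the data)."""
    uids, unresolved, seen = set(), set(), set()
    stack = [normalize_dn(group_dn)]
    while stack:
        dn = stack.pop()
        if dn in seen:        # already visited: breaks the IT <-> Helpdesk loop
            continue
        seen.add(dn)
        entry = entries.get(dn)
        if entry is None:     # dangling reference, report it for review
            unresolved.add(dn)
            continue
        uids.update(entry.get("memberuid", []))
        stack.extend(normalize_dn(m) for m in entry.get("member", []))
    return uids, unresolved
```

Calling `effective_members(parse_ldif(SAMPLE_LDIF), "cn=Domain Admin,ou=Groups,dc=my,dc=org")` shows carol reaching the privileged group through two levels of nesting, which a check of the group's own memberUid values would miss.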