Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

Philip Colmer wrote:

1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a

class that defines members with DNs are likely to fail.

Nope.

3. rfc2307bis has expired so there won't be much (any?) application support

for it. One of my key criteria when designing how our LDAP system was set up was to use classes that applications/systems were expecting to find.

Nope.

Nowadays most LDAP clients support to use rfc2307bis.

I also dropped using groupOfNames with MUST member and switched to use groupOfEntries with MAY member instead.

Ciao, Michael.