Ralf Mattes wrote:
Furthermore - are you sure you want to search for groupofnames and not posixgroup? Group ID numbers are usually used with POSIX groups and since both posixgroup and groupofnames are structural groups they can't mix. It's actually pretty unlikely that your server holds groupofnames with a numeric group id.
Note that there's RFC2307bis [1] which uses groupOfNames as the STRUCTURAL object class and posixGroup as a supplementary AUXILIARY object class. Some NSS/LDAP clients can use this schema.
In Æ-DIR I use multiple inheritance for the 'aeGroup' [2] STRUCTURAL object class to combine groupOfEntries (which permits empty groups) and classic posixGroup for backward compatibility with NSS/LDAP clients which are only capable of using 'memberUID' as member attribute. Furthermore, slapo-constraint ensures that attribute value sets of 'member' and 'memberUID' are in sync.
( 1.3.6.1.4.1.5427.1.389.100.6.1
  NAME 'aeGroup'
  DESC 'AE-DIR: Group entry'
  SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
  STRUCTURAL
  MUST description
  MAY aeDept )
Multiple object class inheritance is not possible with all LDAP servers (e.g. not possible with 389-DS).
Ciao, Michael.
[1] https://tools.ietf.org/html/draft-howard-rfc2307bis#section-4
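
Added example (not part of the original post and not Æ-DIR code): where no server-side constraint keeps 'member' and 'memberUID' in sync as described above, an offline check over an LDIF export can report groups whose two membership views have drifted apart, which matters because NSS clients and LDAP-aware applications would then disagree about who is in the group. It assumes each member DN's leftmost RDN is uid=<login> and that memberUID must hold exactly those logins; the LDIF sample is constructed.

```python
# Added example, not Æ-DIR code. Assumes member DNs start with uid=<login>.
import base64
import re

# Constructed sample; attributes other than dn/member/memberUID are omitted.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=org
member: uid=alice,ou=users,dc=example,dc=org
member: uid=bob\\,jr,ou=users,dc=example,dc=org
memberUID: alice
memberUID: bob,jr

dn: cn=ops,ou=groups,dc=example,dc=org
member: uid=carol,ou=users,dc=example,dc=org
memberUID: carol
memberUID: mallory

dn: cn=empty,ou=groups,dc=example,dc=org
"""

def uid_of(dn):
    """Login from the leftmost RDN, or None when it is not a uid= RDN."""
    m = re.match(r"\s*uid\s*=\s*((?:\\.|[^,+\\])*)", dn, re.I)
    unesc = lambda h: chr(int(h[1], 16)) if len(h[1]) == 2 else h[1]
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", unesc, m[1]).strip() if m else None

def parse_groups(ldif):
    """Yield (dn, member DNs, memberUID set) for each LDIF entry."""
    ldif = ldif.replace("\n ", "")  # undo RFC 2849 line folding
    for block in re.split(r"\n\s*\n", ldif.strip()):
        got = {"dn": [], "member": [], "memberuid": []}
        for line in block.splitlines():
            attr, sep, val = line.partition(": ")
            if sep and attr.endswith(":"):  # "attr:: <base64>" form
                attr, val = attr[:-1], base64.b64decode(val).decode("utf-8")
            if sep and attr.lower() in got:
                got[attr.lower()].append(val)
        if got["dn"]:
            yield got["dn"][0], got["member"], set(got["memberuid"])

def audit(ldif):
    """Return {group DN: drift} for every group whose two sets differ."""
    report = {}
    for dn, members, uids in parse_groups(ldif):
        derived = {uid_of(m) or m for m in members}  # keep odd DNs visible
        if derived != uids:
            report[dn] = {"only_member": sorted(derived - uids),
                          "only_memberUID": sorted(uids - derived)}
    return report
```

Calling audit(SAMPLE_LDIF) flags only cn=ops, where 'mallory' appears in memberUID without a matching 'member' DN; the empty group and the escaped-comma login pass.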