okossuth@antel.com.uy wrote:
Ok so you are telling me to not use usermod at all and just do the modifications with a LDAP client tool like phpldapadmin?
Yes, if the LDAP client tool manages the right attribute. I don't know phpldapadmin in detail.
This default configuration for group maintenance is in the standard source distribution of web2ldap:
# The definitions for group entry administration groupadm_defs={ 'groupOfNames': ('member',None), 'groupOfUniqueNames': ('uniqueMember',None), 'organizationalRole': ('roleOccupant',None), 'rfc822MailGroup': ('mail','mail'), 'nisMailAlias': ('rfc822MailMember','mail'), 'mailGroup': ('mgrprfc822mailmember','mail'), # Found on IBM SecureWay Directory 'accessGroup': ('member',None), # RFC2370 'posixGroup': ('memberUid','uid'), 'nisNetgroup': ('memberNisNetgroup','uid'), # Samba 3.0 'sambaGroupMapping': ('sambaSID','sambaSID'), # Active Directory 'group': ('member',None), # draft-findlay-ldap-groupofentries 'groupOfEntries': ('member',None), },
I think you get the idea. It can be customized for particular LDAP target servers or name spaces to meet your needs. Being the author of web2ldap I'm biased off course.
Ciao, Michael.