On 26/02/2010 08:38, Dieter Kluenter wrote:
Siddhartha Jainsjain@silverspringnet.com writes:
Hi,
Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes, posixgroup and groupofnames are structural causing conflicts if one wants to use both. And while RFC2307bis is deleted by IETF, RFC2307 doesn't seem to have the same traction (or, does it)? So, what's a good option? Simply switch posixgroup to AUX in /etc/openldap/schema/nis.schema?
Both object classes follow different concepts. Object class groupOfNames requires a member attribute type:
member: cn=foo bar,ou=people,dc=example,dc=conm
while posixgroup requires memberUid attribute type:
memberUid: foo
You should probably check what your applications need.
Alternatively, if you really need both, you can use a dynamic group to provide similar behavior, see slapo-dynlist(5). This would in effect mean you have 2 groups: one listing members, and another one, dynamically filled from the contents of the first.
Regards, Jonathan