Hello,
for Samba, PAM on Linux, Squid and others we use the standard posixGroup with memberUID attributes for the group memberships. Now we would like to use the LDAP authentication module in the Checkpoint firewall. This expects the members of a group as groupOfNames member attributes with the full DN. Is there a way to configure OpenLDAP to keep the groupOfNames automatically in sync with the posixGroup?
Thanks Andreas
andreas.moroder@sb-brixen.it wrote:
> for Samba, PAM on Linux, Squid and others we use the standard posixGroup with memberUID attributes for the group memberships. Now we would like to use the LDAP authentication module in the Checkpoint firewall. This expects the members of a group as groupOfNames member attributes with the full DN. Is there a way to configure OpenLDAP to keep the groupOfNames automatically in sync with the posixGroup?
I don't know a server-side solution.
In such cases (which I try to avoid if possible) I'm using a custom group object class which provides both:

    objectclass ( my-custom-oid
        NAME 'myPosixGroup'
        DESC 'Posix group for mixed group schema RFC 2307 and RFC 2307bis'
        SUP ( groupOfNames $ posixGroup )
        STRUCTURAL )

Then I can maintain these group entries with web2ldap, which maintains both attributes. Changing a group membership results in both attributes being updated with a single ModifyRequest.
Ciao, Michael.
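
The mixed-schema approach from the reply above, as an added example that is not part of the thread and not web2ldap's code: a check that reports where memberUid and member disagree within one group entry (the two consumers would then see different memberships), and a builder for a single LDIF modify record that changes both attributes together. The sample entry, all DNs, and the assumption that member DNs start with a uid= RDN holding plain ASCII values are constructed for illustration.

```python
import re

# Constructed sample entry of the mixed class (names and DNs are made up).
GROUP = {
    "dn": "cn=vpn-users,ou=groups,dc=example,dc=org",
    "member": ["uid=alice,ou=people,dc=example,dc=org",
               "uid=bob,ou=people,dc=example,dc=org"],
    "memberUid": ["alice", "carol"],
}

def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN; '\\,' is an escaped comma."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().replace("\\,", ",")

def membership_drift(entry):
    """Report where memberUid and member disagree inside one group entry."""
    uids = set(entry.get("memberUid", []))
    from_dns, non_uid = set(), []
    for dn in entry.get("member", []):
        attr, value = first_rdn(dn)
        if attr == "uid":
            from_dns.add(value)
        else:
            non_uid.append(dn)  # cannot be mapped to a memberUid value
    return {"memberUid_only": sorted(uids - from_dns),
            "member_only": sorted(from_dns - uids),
            "non_uid_members": non_uid}

def modify_ldif(group_dn, user_dn, op="add"):
    """Build one LDIF change record that touches both attributes together."""
    attr, uid = first_rdn(user_dn)
    if attr != "uid" or op not in ("add", "delete"):
        raise ValueError("need a uid=... member DN and op add/delete")
    return "\n".join([
        f"dn: {group_dn}", "changetype: modify",
        f"{op}: member", f"member: {user_dn}", "-",
        f"{op}: memberUid", f"memberUid: {uid}", "-", ""])

if __name__ == "__main__":
    print(membership_drift(GROUP))
    print(modify_ldif(GROUP["dn"], "uid=dave,ou=people,dc=example,dc=org"))
```

Because both changes sit in one record, ldapmodify sends them as one ModifyRequest, so the server applies both or neither.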
openldap-technical@openldap.org