Hi everybody,
we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.
So what to take: groupOfNames or groupOfUniqueNames besides posixGroup?
Regards, Olaf
--On Wednesday, September 2, 2020 12:11 PM +0200 Olaf Hopp Olaf.Hopp@kit.edu wrote:
> Hi everybody,
> we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
> I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.

I generally recommend groupOfNames for LDAP groups, which is a different concept than *NIX posix groups.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On 9/2/20 6:57 PM, Quanah Gibson-Mount wrote:
> --On Wednesday, September 2, 2020 12:11 PM +0200 Olaf Hopp Olaf.Hopp@kit.edu wrote:
>> we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
>> I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.
> I generally recommend groupOfNames for LDAP groups, which is a different concept than *NIX posix groups.

In contrast to some other LDAP servers, OpenLDAP's slapd supports inheriting an object class from multiple parent classes.
This can be used to solve this problem with a hybrid group schema:
https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/files/schema/a...
groupOfEntries is used to allow empty groups without members.
And of course you have to ensure that attributes 'member' and 'memberUid' are in sync.
Ciao, Michael.
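
The requirement above, that 'member' and 'memberUid' stay in sync on a hybrid group, can be audited offline against an LDIF export. This is an added example, not part of the thread or of the linked schema; it assumes each member DN's first RDN is uid=<login> and that memberUid carries the same login, and the sample LDIF is constructed.

```python
import re

# Constructed sample LDIF (not from the thread): one drifted and one empty hybrid group.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfEntries
objectClass: posixGroup
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,
 dc=org
memberUid: alice
memberUid: carol

dn: cn=empty,ou=groups,dc=example,dc=org
objectClass: groupOfEntries
objectClass: posixGroup
"""

def parse_ldif(text):
    """Return entries as {attr_lower: [values]}; base64 (attr::) values are not decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):  # unfold RFC 2849 lines
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def uid_of(dn):
    """Assumption: a member's first RDN is uid=<login>; return None otherwise."""
    attr, _, value = re.split(r"(?<!\\),", dn, maxsplit=1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def audit(ldif_text):
    """Return {group dn: drift} for hybrid groups whose member/memberUid sets disagree."""
    report = {}
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" in classes and classes & {"groupofentries", "groupofnames"}:
            mapped = {dn: uid_of(dn) for dn in e.get("member", [])}
            by_dn, by_uid = {u for u in mapped.values() if u}, set(e.get("memberuid", []))
            drift = {"only_in_member": sorted(by_dn - by_uid),
                     "only_in_memberUid": sorted(by_uid - by_dn),
                     "unmapped_member_dns": [d for d, u in mapped.items() if not u]}
            if any(drift.values()):
                report[e["dn"][0]] = drift
    return report
```

Calling `audit(SAMPLE_LDIF)` reports only the drifted group; the empty group, which groupOfEntries permits, is consistent and is not reported.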
So thanks for all your valuable input. I really will go with "groupOfNames".
But just for the information: VMware virtual center connected to an openldap server as authentication source insists(!) on groups having "groupOfUniqueNames". They do a search on this objectClass and it is not configurable! See https://kb.vmware.com/s/article/2064977
Regards, Olaf
--On Monday, September 7, 2020 1:14 PM +0200 Olaf Hopp Olaf.Hopp@kit.edu wrote:
> So thanks for all your valuable input. I really will go with "groupOfNames".
> But just for the information: VMware virtual center connected to an openldap server as authentication source insists(!) on groups having "groupOfUniqueNames". They do a search on this objectClass and it is not configurable! See https://kb.vmware.com/s/article/2064977

I would file a bug with VMware, there's no reason for such a limitation to exist.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On Wed, 2 Sep 2020 11:11:56 +0200, Olaf Hopp Olaf.Hopp@kit.edu wrote:
> Hi everybody,
> we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
> I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.
> So what to take: groupOfNames or groupOfUniqueNames besides posixGroup?

I would vote for groupOfNames. If you prefer groupOfUniqueNames you should provide uniqueness.
https://ldapwiki.com/wiki/GroupOfUniqueNames%20vs%20groupOfNames https://ldapwiki.com/wiki/UniqueMember
The use of posixgroup depends on your requirements.
-Dieter
Dieter Klünter dieter@dkluenter.de wrote on 02.09.2020 at 19:04 in message 20200902190443.664d1d35@pink.fritz.box:
> On Wed, 2 Sep 2020 11:11:56 +0200, Olaf Hopp Olaf.Hopp@kit.edu wrote:
>> Hi everybody,
>> we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
>> I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.
>> So what to take: groupOfNames or groupOfUniqueNames besides posixGroup?
> I would vote for groupOfNames. If you prefer groupOfUniqueNames you should provide uniqueness.
> https://ldapwiki.com/wiki/GroupOfUniqueNames%20vs%20groupOfNames https://ldapwiki.com/wiki/UniqueMember
> The use of posixgroup depends on your requirements.

Actually I had never considered adding suplicates to a groupOfNames, mostly because I cannot imagine a use case; anyone have a use case?

> -Dieter
> -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E

"Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de wrote on 03.09.2020 at 08:29 in message 5F508D2D020000A10003B140@gwsmtp.uni-regensburg.de:
> Dieter Klünter dieter@dkluenter.de wrote on 02.09.2020 at 19:04 in message 20200902190443.664d1d35@pink.fritz.box:
>> On Wed, 2 Sep 2020 11:11:56 +0200, Olaf Hopp Olaf.Hopp@kit.edu wrote:
>>> Hi everybody,
>>> we are at the point of reorganising our LDAP. Currently we only have posixGroups, but in future we also want to support groupOfNames or groupOfUniqueNames. My question: what is the common sense of usage? groupOfNames or groupOfUniqueNames?
>>> I know your answers, you will say "it depends on your applications" but currently I have no application using it. All my current applications use my posixGroups. I just want to extend my LDAP for future use cases.
>>> So what to take: groupOfNames or groupOfUniqueNames besides posixGroup?
>> I would vote for groupOfNames. If you prefer groupOfUniqueNames you should provide uniqueness.
>> https://ldapwiki.com/wiki/GroupOfUniqueNames%20vs%20groupOfNames https://ldapwiki.com/wiki/UniqueMember
>> The use of posixgroup depends on your requirements.
> Actually I had never considered adding suplicates to a groupOfNames, mostly

s/suplicates/duplicates/ # sorry

> because I cannot imagine a use case; anyone have a use case?
>> -Dieter
>> -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E

openldap-technical@openldap.org