5:55 p.m.
Hi,
Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes, posixgroup and
groupofnames are structural causing conflicts if one wants to use both. And while
RFC2307bis is deleted by IETF, RFC2307 doesn't seem to have the same traction (or,
does it)? So, what's a good option? Simply switch posixgroup to AUX in
/etc/openldap/schema/nis.schema?
Thanks,
Siddhartha
11:38 p.m.
Siddhartha Jain <sjain(a)silverspringnet.com> writes:
Hi,
Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes,
posixgroup and groupofnames are structural causing conflicts if one
wants to use both. And while RFC2307bis is deleted by IETF, RFC2307
doesn't seem to have the same traction (or, does it)? So, what's a
good option? Simply switch posixgroup to AUX in
/etc/openldap/schema/nis.schema?
Both object classes follow different concepts. Object class
groupOfNames requires a member attribute type:
member: cn=foo bar,ou=people,dc=example,dc=conm
while posixgroup requires memberUid attribute type:
memberUid: foo
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
12:44 a.m.
On 26/02/2010 08:38, Dieter Kluenter wrote:
Siddhartha Jain<sjain(a)silverspringnet.com> writes:
> Hi,
>
> Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes,
> posixgroup and groupofnames are structural causing conflicts if one
> wants to use both. And while RFC2307bis is deleted by IETF, RFC2307
> doesn't seem to have the same traction (or, does it)? So, what's a
> good option? Simply switch posixgroup to AUX in
> /etc/openldap/schema/nis.schema?
Both object classes follow different concepts. Object class
groupOfNames requires a member attribute type:
member: cn=foo bar,ou=people,dc=example,dc=conm
while posixgroup requires memberUid attribute type:
memberUid: foo
You should probably check what your applications need.
Alternatively, if you really need both, you can use a dynamic group to
provide similar behavior, see slapo-dynlist(5). This would in effect
mean you have 2 groups: one listing members, and another one,
dynamically filled from the contents of the first.
Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
4851
days inactive
4851
days old
openldap-technical@openldap.org
2 comments
3 participants
participants (3)
-
Dieter Kluenter -
Jonathan Clarke -
Siddhartha Jain