On 26/02/2010 08:38, Dieter Kluenter wrote:
Siddhartha Jain<sjain(a)silverspringnet.com> writes:
> Hi,
>
> Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes,
> posixgroup and groupofnames are structural causing conflicts if one
> wants to use both. And while RFC2307bis is deleted by IETF, RFC2307
> doesn't seem to have the same traction (or, does it)? So, what's a
> good option? Simply switch posixgroup to AUX in
> /etc/openldap/schema/nis.schema?
Both object classes follow different concepts. Object class
groupOfNames requires a member attribute type:
member: cn=foo bar,ou=people,dc=example,dc=conm
while posixgroup requires memberUid attribute type:
memberUid: foo
You should probably check what your applications need.
Alternatively, if you really need both, you can use a dynamic group to
provide similar behavior, see slapo-dynlist(5). This would in effect
mean you have 2 groups: one listing members, and another one,
dynamically filled from the contents of the first.
Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) -
http://lsc-project.org
--------------------------------------------------------------