--On Monday, August 30, 2021 8:26 PM +0200 Saša-Stjepan Bakša ssbaksa@gmail.com wrote:
--On Monday, August 30, 2021 11:14 AM +0200 Saša-Stjepan Bakša ssbaksa@gmail.com wrote:
I have similar situation and also a replicated environment. I am using posixGroup only and never had any need for a memberOf attribute. But now, my devs have a software which insists on that attribute so I should provide it for them.
posixGroup is not a valid objectClass to use with providing memberOf information.
--Quanah
Ouch! I have 51 different posixGroup groups which have been in use for more than 10 years and now because of one piece of software I must change the way I manage them all. Not happy at all.
What is your suggestion Quanah? Can I just add an object? It would be a problem if I must change all services. Or maybe just add a few new groups of different types for that software. That will be great if it is appropriate.
@Dave Macias Can you share the structure of your groups?
member/memberOf depend on LDAP groups, not unix groups, which are based on DNs.
Example groups objectClasses are:
groupOfNames (core schema) groupOfUniqueNames (core schema) groupOfMembers (rfc2307bis schema)
Of these three, I would recommend either groupOfNames or groupOfMembers
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org