[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: questions about acls.

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: questions about acls.
From: Adam Shand <larry@spack.org>
Date: Fri, 9 Feb 2001 11:15:24 -0800 (PST)
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <5.0.2.1.0.20010208213748.00af1c10@router.boolean.net>

> >> Luke Howard suggests making posixGroups auxiliary object classes to an
> >> actual groupOfNames oc.
> >
> >would i do this by editing the nis.schema and changing the objectclass
> >definition of posixGroup from having "SUP top" to "SUP groupOfNames"?
>
> You certainly should NOT muck with existing schema. Schema once
> published should be viewed as static.

my problem is that i don't know what an "auxiliary object class" is?  is
luke howard advocating what you say shouldn't be done or am i
misunderstanding?

> You can extend it, you can replace it.  Both requiring defining new
> schema items with new OIDs.

okay so if i want the group acl to work what are the requirements, does it
just have to have the "member" attribute available?  like this:

objectclass ( x.x.x.x.x.x.x NAME 'myPosixGroup' SUP top STRUCTURAL
        DESC 'Abstraction of a group of accounts'
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description $ member ) )

and what do i use for the oid if i don't have registered space?

adam.

References:
- Re: questions about acls.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Getting started
Next by Date: Couldn't start TLS
Index(es):
- Chronological
- Thread