[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Groups

To: Digant Kasundra <digant@uta.edu>
Subject: Re: Groups
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Tue, 27 Jul 2004 12:20:11 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <CEE4E6ECB6C98C4281D09A17EC3DC0ED07244501@exchange.uta.edu>
References: <CEE4E6ECB6C98C4281D09A17EC3DC0ED07244501@exchange.uta.edu>
User-agent: Mozilla Thunderbird 0.7.1 (X11/20040701)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Digant Kasundra wrote:
| Hello everyone,
|
| When using group restrictions in ACLs or when using dynamic groups, does
| OpenLDAP expect group entries to be of objectClass groupOfNames, or
does it
| only require entries to have the member attributes.
|

Wrong questions ...

| The reason I ask is because I need to two "methods" of grouping:
posixGroups
| and groupOfNames styles.  Since both are structural, I was hoping to
make a
| new objectclass that would be AUX and allow for the member attribute
| (because posix searches *have* to be objectclass posixGroup according
to the
| RFC).

The problem though is that the memberUid attribute is a username (not a
DN), which openldap can't do very much with ...

There is a schema around which allows a single DN to be both
groupOfNames and posixGroup, but it doesn't solve the above problem ...
(memberUid vs member).

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBBixbrJK6UGDSBKcRAoGsAJ9FhU2p7lfmFbqsWj5TE8814cUIbgCgkGHq
rUE9SoMpsCxQQ1ncXZjgnNk=
=ObSP
-----END PGP SIGNATURE-----

References:
- Groups
  - From: Digant Kasundra <digant@uta.edu>

Prev by Date: Re: bdb-backend problems
Next by Date: Re: syncrepl mangles entryUUID
Index(es):
- Chronological
- Thread