[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Types of Groups, Structural objects and Inheritance
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: Types of Groups, Structural objects and Inheritance
- From: Brendan Kearney <bpk678@gmail.com>
- Date: Thu, 27 Jun 2013 20:21:06 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:date:content-type:x-mailer:mime-version :content-transfer-encoding; bh=frqsODyVlHGSY3LlnlWkIWUBhaa5r5pItU3Yz1Nmxtc=; b=Ep7aKunTaU0lrq6mf1EWRaQEG0IBm9u04SsS24L1cnoeBV+zsi9wWjlPT0gn3IDkpG pMhpI2fJSqSV2SXWvnLHwTxEIptjddkzJngNzy/bhDluzar3yJKWgwpAZZ3fcW4Jw4g8 745zia6vYUyda6Edvfct96UDtwMmlzPnYqb+DU4QFYjVUxRdjb4gPKSBrccyF5MBzW4E Y3DKgSSdLAOZBVJXH9O97Yvku/C2+E/FPonZiQtz3CqtXLJShecrzjchKH22Qq9Ik2zR kSsh7zUErz2fGoBkVyrzhKTNhgEczvPzWIJOauyr85fB/Z5L5RC/yxnC26NItJhl+0bM T3kg==
list members,
As a caveat to my ACLs, most of my groups are the posixGroup class.
from what i understand, that means i need to use set ACLs, instead of
group ACLs. this does not seem to be a big deal, and is covered in the
admin guide. that being said, i am looking to find out what the
functional differences between a posixGroup and groupOfNames are? are
there significant reasons to use one over the other? in my environment,
i have the ability to recreate all the posixGroup objects as
groupOfNames objects, if it would help with the creation of ACLs and
other work to be done. is that a worthwhile effort?
In my searching, i have found an explicit reason to keep using the
posixGroup type, as NFSv4 ACLs can only use posixGroup types of groups.
the dependency is because of the use of memberUid attributes. would
there be any other explicit reasons to use one group type over another?
my users have inetOrgPerson as their structural class, and as such i
cannot add the NFSv4RemotePerson class to their list of objectClass
attributes. the NFSv4RemotePerson class is structural as well. i have
heard about the ability to create a hierarchy of objectClass objects so
that an object can inherit the properties of all the SUP classes. is
there a way i can create this hierarchy to allow multiple structural
class attributes to be inherited by user objects? i have not found much
info around doing this. are there any pointers?
thanks in advance,
brendan