Brendan Kearney wrote: > As a caveat to my ACLs, most of my groups are the posixGroup class. > from what i understand, that means i need to use set ACLs, instead of > group ACLs. I guess you're talking about RFC2307 vs. RFC2307bis posixGroup definition. > In my searching, i have found an explicit reason to keep using the > posixGroup type, as NFSv4 ACLs can only use posixGroup types of groups. > the dependency is because of the use of memberUid attributes. Well, so I'll keep my custom hybrid group schema for now: objectclass ( some-custom-oid-here NAME 'hybridPosixGroup' DESC 'Group for mixed group schema RFC 2307 and RFC 2307bis' STRUCTURAL SUP ( groupOfNames $ posixGroup ) ) The caveat is that you have to synchronously maintain attributes 'member' and 'memberUID'. In my deployments web2ldap does that for me. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature