[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

To: Philip Colmer <philip.colmer@linaro.org>, openldap-technical@openldap.org
Subject: Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
From: Howard Chu <hyc@symas.com>
Date: Mon, 24 Feb 2014 06:27:18 -0800
In-reply-to: <CAKTSSTjVSFg_Cn6HuzhZWnmu4PObxTYhbwt8aokB-3AYYE5BfA@mail.gmail.com>
References: <651402065.18933.1393009966826.JavaMail.root@standard.k12.ca.us> <1530492157.19050.1393010052750.JavaMail.root@standard.k12.ca.us> <20140222075558.32a4b198@pink.avci.de> <CAKTSSTjVSFg_Cn6HuzhZWnmu4PObxTYhbwt8aokB-3AYYE5BfA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1

Philip Colmer wrote:

This was an area where I also got stuck when researching this last year. My
conclusions were:

1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a
class that defines members with DNs are likely to fail.


Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
  - From: Philip Colmer <philip.colmer@linaro.org>

References:
- strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
  - From: Jefferson Davis <jdavis@standard.k12.ca.us>
- Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
  - From: Philip Colmer <philip.colmer@linaro.org>

Prev by Date: Re: Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?
Next by Date: Re: dynlist groups not usable in ACLs?
Index(es):
- Chronological
- Thread