Re: How to enable memberOf overlay with posixGroup?

[Clément OUDOT <clement.oudot@savoirfairelinux.com>]

Le 08/09/2016 à 04:52, Ryan Tandy a écrit :
> On Wed, Sep 07, 2016 at 11:10:30PM +0200, MegaBrutal wrote:
> > I also figured that memberOf would need groupOfNames groups, while I 
> > need posixGroup type groups. I evaluated the possibility to use 
> > groupOfNames, but it lacks the necessary gidNumber attribute which is 
> > a requirement for Unix groups.
>
> This is the key issue.
>
> A draft schema known as "rfc2307bis" exists, which replaces (!) the 
> published RFC2037 schema with one compatible with groupOfNames.
>
> A published solution to this problem does not currently exist. In the 
> past year there have been some discussions on the ldapext list. You 
> can find the archives of that list at:
>
> https://www.ietf.org/mailman/listinfo/ldapext

Hi,

as a workaround, I often create a small connector that synchronises 
posixGroup objects into groupOfNames. It's really easy to do with LSC 
(http://www.lsc-project.org).

With this, you only manage POSIX groups, and standard groups are updated 
automatically. You can then use the memberOf overlay on groupOfNames.

--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot