Ralf Mattes wrote:
> Furthermore - are you sure you want to search for groupofnames and not
> posixgroup? Group ID numbers are usually used with POSIX groups and since
> both posixgroup and groupofnames are structural groups they can't mix. It's
> actually pretty unlikely that your server holds groupofnames with a numeric
> group id.

Note that there's RFC2307bis [1] which uses groupOfNames as STRUCTURAL object class and posixGroup as supplement AUXILIARY object class. Some NSS/LDAP clients can use this schema.

In Æ-DIR I use multiple inheritance for the 'aeGroup' [2] STRUCTURAL object class to combine groupOfEntries (which permits empty groups) and classic posixGroup for backward compatibility with NSS/LDAP clients which are only capable of using 'memberUID' as member attribute. Furthermore slapo-constraint ensures that attribute value sets of 'member' and 'memberUID' are in sync.

    ( 1.3.6.1.4.1.5427.1.389.100.6.1
      NAME 'aeGroup'
      DESC 'AE-DIR: Group entry'
      SUP ( groupOfEntries $ posixGroup $ groupOfURLs $ aeObject )
      STRUCTURAL
      MUST description
      MAY aeDept )

Multiple object class inheritance is not possible with all LDAP servers (e.g. not possible with 389-DS).

Ciao, Michael.

[1] https://tools.ietf.org/html/draft-howard-rfc2307bis#section-4
[2] https://www.ae-dir.com/docs.html#schema-oc-aeGroup
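Added example, not part of the original message and not Æ-DIR code: an offline audit that reports groups whose 'member' and 'memberUID' value sets have drifted apart, which matters on servers where no overlay enforces the sync. It assumes every 'member' DN begins with a uid=<name> RDN and that 'memberUID' holds that same name; the LDIF, the DNs and the function names are constructed for illustration.

```python
# Constructed sample LDIF (not from a real directory).
# Assumption: each 'member' DN starts with uid=<name>; 'memberUID' holds <name>.
SAMPLE_LDIF = """\
dn: cn=ops-admins,ou=example
objectClass: aeGroup
member: uid=alice,ou=example
member: uid=bob,ou=example
memberUID: alice
memberUID: bob

dn: cn=db-admins,ou=example
objectClass: aeGroup
member: uid=alice,ou=example
memberUID: alice
memberUID: mallory

dn: cn=empty,ou=example
objectClass: aeGroup
"""


def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into (dn, attrs) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries.append((attrs["dn"][0], attrs))
    return entries


def uid_of(dn):
    """Return the value of a leading uid= RDN, or None if the DN has none."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value if attr.strip().lower() == "uid" else None


def audit(text):
    """Map group DN -> (names only in 'member', names only in 'memberUID')."""
    drift = {}
    for dn, attrs in parse_ldif(text):
        # A member DN without a uid RDN is reported by its full DN.
        from_member = {uid_of(m) or m for m in attrs.get("member", [])}
        from_uid = set(attrs.get("memberuid", []))
        if from_member != from_uid:
            drift[dn] = (sorted(from_member - from_uid), sorted(from_uid - from_member))
    return drift
```

Calling `audit(SAMPLE_LDIF)` flags only the constructed `db-admins` group, where a 'memberUID' value has no matching 'member' DN; the empty group passes because both sets are empty.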