Simo Sorce wrote:
On Thu, 2009-11-12 at 10:37 -0500, Dmitri Pal wrote:
So killing two birds with one stone we are thinking of introducing an
attribute called posixName that has a case sensitive syntax and does
conflict with other uses of uid and cn. We will probably still set
on users and cn on groups but they will be kept in sync with
(except for cn on user accounts that holds the full name).

So posixName will be a part of the user account object and group
Can you please add more details here?

we would switch to primarily use posixName for users and groups names.

A group entry would probably look like this (from memory):

objectclass: nestedgroup
objectclass: posixGroup
objectclass: ipaPosixName
cn: newgroup
posixName: newgroup
member: ...
member: ...

When searching for this group we would use a query like:

Same for users.


FYI, here is the new schema I've come up with:

dn: cn=schema
attributeTypes: ( 2.16.840.1.113730. NAME 'posixName' EQUALITY caseExactMatch SYNTAX SINGLE-VALUE)
objectClasses: ( 2.16.840.1.113730. NAME 'ipaPosixName' DESC 'Case-sensitive name common to users and groups' AUXILIARY MUST ( posixName ) X-ORIGIN 'IPA v2' )

It also occurs to me that we'll need to prevent any modifications to the posixName attribute unless the cn/uid is also being modified. In other words, sync needs to be 2-way.




Freeipa-devel mailing list
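
The 2-way sync rule from the last message above, sketched as a check on a proposed modify; this is an added example, not code from the thread or from FreeIPA. The function names are hypothetical, and it assumes posixName mirrors cn on groups and uid on users.

```python
# Added illustration: hypothetical helper names, not FreeIPA code.
# Assumption: posixName mirrors cn on groups and uid on users.

def _classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def apply_mods(entry, mods):
    """Return a copy of entry with replace-style (attr, values) mods applied."""
    after = {k.lower(): list(v) for k, v in entry.items()}
    for attr, values in mods:
        after[attr.lower()] = list(values)
    return after

def check_modify(entry, mods):
    """Return (allowed, reason) for a proposed modify of one entry."""
    after = apply_mods(entry, mods)
    if "ipaposixname" not in _classes(after):
        return True, "entry does not use ipaPosixName"
    names = after.get("posixname", [])
    if len(names) != 1:
        return False, "posixName is MUST and SINGLE-VALUE"
    mirror = "cn" if "posixgroup" in _classes(after) else "uid"
    # Plain string equality is case-exact, like caseExactMatch; a
    # case-insensitive compare would let 'NEWGROUP' pass for 'newgroup'.
    if after.get(mirror, []) != names:
        return False, "posixName and %s are out of sync" % mirror
    return True, "ok"

# Constructed sample entries, modelled on the group entry in the thread.
GROUP = {
    "objectclass": ["nestedgroup", "posixGroup", "ipaPosixName"],
    "cn": ["newgroup"],
    "posixName": ["newgroup"],
}
USER = {
    "objectclass": ["posixAccount", "ipaPosixName"],
    "uid": ["jdoe"],
    "cn": ["John Doe"],  # full name, deliberately not synced
    "posixName": ["jdoe"],
}

if __name__ == "__main__":
    for mods in ([("posixName", ["NewGroup"])],
                 [("cn", ["NewGroup"])],
                 [("cn", ["NEWGROUP"]), ("posixName", ["newgroup"])],
                 [("cn", ["NewGroup"]), ("posixName", ["NewGroup"])]):
        print(mods, "->", check_modify(GROUP, mods))
```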