That's interesting ... the schema that Ubuntu ship with openLDAP says that posixAccount is AUXILIARY but posixGroup is STRUCTURAL.
Time to modify the schema :-). I still find it hard to believe, though, that there doesn't seem to be an official schema for defining an email address to go with a group. There seem to be various attempts at defining a schema but nothing seems to be widely adopted or official. Regards Philip On 9 January 2013 11:03, Angel Bosch <[email protected]> wrote: > they've been non-structural for some time: > http://osdir.com/ml/ldap.umich/2006-07/msg00015.html > > you can modify your schemas to make both work together. I do it all the > time. > > > ------------------------------ > *De: *"Philip Colmer" <[email protected]> > *A: *[email protected] > *Enviat: *Dimecres, 9 de Gener 9el 2013 11:55:43 > *Assumpte: *Re: [Lam-public] Any suggestions for combining posix groups > with email groups? > > > Actually, it turns out that you can't combine posixGroup with > groupOfUniqueNames - they are both structural classes so you can only have > one of them. > > So I'm still stuck. Even if I wanted to just focus on the aspect of > sorting out how to define an email group, groupOfUniqueNames is closest to > that requirement but doesn't have an attribute for the email address! > > Philip > > > > On 9 January 2013 09:16, Philip Colmer <[email protected]> wrote: > >> Hi >> >> Apologies if this isn't directly relevant to LAM but I'm hoping that the >> list audience will have come across a similar challenge and may have some >> ideas or knowledge to share. >> >> I'm trying to use an LDAP store for both user authentication and >> synchronisation to Google Apps. To that end, I want groups in LDAP to serve >> two purposes: security groups and mailing lists - preferably at the same >> time. >> >> I'm struggling, however, to decide what objectClasses are best to use >> here. For example, using posixGroup allows me to specify a gid, which means >> I can then use those groups in UNIX security ACLs. However, for mailing >> lists, I ideally need two attributes: the group owner (which I can get if I >> add the groupOfUniqueNames class) and an email address for the list. >> >> Unfortunately, although I *can* combine posixGroup >> and groupOfUniqueNames, they store the membership list in different >> attributes. Ultimately, that isn't a huge issue because I can tell the >> Google sync tool which attribute to read for the membership, and Unix will >> always use the memberUid attribute. >> >> Has anyone else tried to accomplish anything similar - or remotely >> similar? If so, how did you approach it? >> >> From a LAM perspective (bringing the question back onto topic!), are >> there any recommendations there that might influence how I solve this? >> >> Many thanks. >> >> Philip >> >> > > > ------------------------------------------------------------------------------ > Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery > and much more. Keep your Java skills current with LearnJavaNow - > 200+ hours of step-by-step video tutorials by Java experts. > SALE $49.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122612 > _______________________________________________ > Lam-public mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/lam-public > >
------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
