Hi Dave,
posixGroup and groupOfNames are structural object classes. This means
you can only have one of them per entry. For memberOf you will need to
create additional groupOfNames entries.
LAM has a sync button when you edit the Unix groups of a user to help a
bit. But you need to create both types of groups first.
Best regards
Roland
Am 01.06.25 um 19:53 schrieb Dave Hayes:
On Sun, 1 Jun 2025 10:49:11 +0200, Roland Gruber <p...@rolandgruber.de> wrote:
there should be no need to create memberURL entries. All members of a
"groupOfNames" should have the memberOf attribute set now.
That is not the case; it just does not work. No memberOf attributes appear.
I believe this is because my posixGroup entries do not appear to have the
groupOfNames object class. My groups are like this:
#### DN: cn=training,cn=groups,dc=mycompany,dc=com
cn => [ training ]
gidNumber => [ 100 ]
memberUid => [ alice, bob, carla, dave ],
objectClass => [ apple-group,extensibleObject,posixGroup,top ]
Attempting to add groupOfNames to any group (using tools outside of LAM pro) to
the entries results in:
ERROR: 65 -- LDAP_OBJECT_CLASS_VIOLATION
Attempting to add this with LAM pro by editing the server template and then
attempting to add groups results in the same LDAP error.
If I go look at this LDAP wiki
(https://ldapwiki.com), it claims that the groupOfNames object class requires
"member"
attributes, which none of my groups have. My groups instead have "memberUid"
attributes.
I think I am back to having to add "member" attributes to every group? What
else am I missing?
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
