Hi Dave,
yes, this means two (duplicated) records. rfc2307bisPosixGroup is only
possible if you have Suse Linux. They have a non-standard schema that
allows posixGroup and groupOfNames on the same entry.
I think you cannot use dynlist for posixGroup as memberUid does not
contain a DN. But you can ask on the OpenLDAP mailinglist to be sure.
Best regards
Roland
Am 02.06.25 um 19:07 schrieb Dave Hayes:
On Mon, 2 Jun 2025 07:35:35 +0200, Roland Gruber <p...@rolandgruber.de> wrote:
posixGroup and groupOfNames are structural object classes. This means
you can only have one of them per entry. For memberOf you will need to
create additional groupOfNames entries.
Ack. Are these to be duplicated records, so I have for each group a posixGroup
and a groupOfNames group with effectively the same data?
LAM has a sync button when you edit the Unix groups of a user to help a
bit.
Hmm...this seems relevant
https://www.ldap-account-manager.org/static/doc/manual/ch04s03.html#rfc2307bisPosixGroup
When you say "sync", how does this help if all of my groups are in posixGroup?
Reading this section:
This will automatically set the group memberships of the Unix part to the same
members as set on group of names tab.
Can LAM pro copy all the posixGroup entries to groupOfNames entries in any way?
But you need to create both types of groups first.
This seems less than ideal ... the implication I am receiving is that we have
to maintain two different LDAP records for each group.
Is it possible to get dynlist to traverse the posixGroup entries and come up
with memberOf values?
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
