I've encountered the same issue as I was trying to use groupOfNames as I need memberOf to make use of ldap_access_filter to filter access by groups. It does not work with posixGroup. As I need posixGroup for uids/gids, I have to manage access via uids instead. Maybe there will be a way to create your own object class that does groupOfNames but allows it to work with posixGroup. My previous job uses Oracle LDAP, I think, and works with uid/gid and ldap filter in sssd.

-----Original Message-----
From: Roland Gruber <p...@rolandgruber.de>
Sent: Monday, June 2, 2025 1:36 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] Mass editing of records?

Hi Dave,

posixGroup and groupOfNames are structural object classes. This means you can only have one of them per entry. For memberOf you will need to create additional groupOfNames entries.

LAM has a sync button when you edit the Unix groups of a user to help a bit. But you need to create both types of groups first.

Best regards
Roland

On 01.06.25 at 19:53, Dave Hayes wrote:
> On Sun, 1 Jun 2025 10:49:11 +0200, Roland Gruber <p...@rolandgruber.de> wrote:
>> there should be no need to create memberURL entries. All members of a
>> "groupOfNames" should have the memberOf attribute set now.
>
> That is not the case; it just does not work. No memberOf attributes appear.
>
> I believe this is because my posixGroup entries do not appear to have
> the groupOfNames object class. My groups are like this:
>
>> #### DN: cn=training,cn=groups,dc=mycompany,dc=com
>> cn => [ training ]
>> gidNumber => [ 100 ]
>> memberUid => [ alice, bob, carla, dave ],
>> objectClass => [ apple-group,extensibleObject,posixGroup,top ]
>
> Attempting to add groupOfNames to any group (using tools outside of
> LAM pro) to the entries results in:
>
> ERROR: 65 -- LDAP_OBJECT_CLASS_VIOLATION
>
> Attempting to add this with LAM pro by editing the server template and
> then attempting to add groups results in the same LDAP error.
>
> If I go look at this LDAP wiki (https://ldapwiki.com), it claims that
> the groupOfNames object class requires "member" attributes, which none
> of my groups have. My groups instead have "memberUid" attributes.
>
> I think I am back to having to add "member" attributes to every group?
> What else am I missing?

_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
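
The approach described in the thread (separate groupOfNames entries alongside the posixGroup entries, so that memberOf can be used in an access filter) can be scripted. The following is an added example, not code from the thread or from LAM: it turns posixGroup memberUid lists into LDIF for parallel groupOfNames entries. The containers cn=users and cn=accessgroups, the uid= RDN for users, and the sample data are assumptions.

```python
import re

# Assumed containers; the thread only shows cn=groups,dc=mycompany,dc=com.
USER_BASE = "cn=users,dc=mycompany,dc=com"            # assumption
ACCESS_BASE = "cn=accessgroups,dc=mycompany,dc=com"   # assumption

# Constructed sample data, modelled on the posixGroup quoted in the thread.
POSIX_GROUPS = [
    {"cn": "training", "memberUid": ["alice", "bob", "carla", "dave"]},
    {"cn": "emptygroup", "memberUid": []},
]

# Conservative allow-list: names matching it need no DN or LDIF escaping.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def safe(name):
    """Return name unchanged, or raise if it could alter DN or LDIF structure."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"refusing unsafe name: {name!r}")
    return name


def to_group_of_names(group):
    """Return LDIF for a groupOfNames twin of one posixGroup, or None if empty."""
    uids = sorted(set(group["memberUid"]))
    if not uids:
        return None  # groupOfNames requires at least one member value
    cn = safe(group["cn"])
    lines = [
        f"dn: cn={cn},{ACCESS_BASE}",
        "objectClass: top",
        "objectClass: groupOfNames",
        f"cn: {cn}",
    ]
    # memberUid holds bare login names; member must hold full user DNs.
    lines += [f"member: uid={safe(u)},{USER_BASE}" for u in uids]
    return "\n".join(lines) + "\n"


def build_ldif(groups):
    """Join all non-empty converted groups, separated by blank lines."""
    return "\n".join(e for e in map(to_group_of_names, groups) if e)


if __name__ == "__main__":
    print(build_ldif(POSIX_GROUPS))
```

Once the server populates memberOf for these entries, an sssd ldap_access_filter can reference the new group DN, for example (memberOf=cn=training,cn=accessgroups,dc=mycompany,dc=com) under the assumed layout.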