> Are there any recommendations should I use posixGroup or
> groupOfUniqueNames for new installations?

Neither! Use "groupOfNames"; "groupOfUniqueNames" is not what you think it is.

> I found some info on the web about posixAccount being deprecated, and
> that groupOfUniqueNames should be used instead.
> However, looking at definition of groupOfUniqueNames object class, the
> uniqueMember attribute is mandatory.

Yep.

> Which makes it impossible to
> define an empty group (group with no members).

Yep.

> Or to remove the last
> member of the group, but still keep the group for future use.

Yep.

> This
> might be serious problem for migrating data from standard Unix
> /etc/group file.

Not really, just have a DN you can put in every group. If the DN doesn't correspond to a posixAccount, the NSS subsystem will ignore it.

> OK, I could use tricks to go around that (like
> having dummy member in all groups or using extensibleObject, or
> defining my own object class). But still.
> On the other hand, I found info about posixGroup being deprecated
> (true? false?)

Maybe, but who cares, everyone uses it. It is a very strong 'de facto' standard. And posixGroup and groupOfNames are very different kinds of groups. But groupOfNames can be used as POSIX groups with RFC2307BIS support. So you just have to pick.

> and also info that some utilities do not work nicely
> with posixGroup (for example, Fedora Directory Server seems to work
> better with groupOfUniqueNames).
> Or should I maybe try to define both by using a custom objectclass,

Always something good to avoid if possible.

> something like this (to allow me to define both memberUid and
> uniqueMember attributes).

You do NOT want "uniqueMember", you want "member". Look closely at the schema definition; they are not the same. And "member" is just as unique in the sense you mean as uniqueMember - you can't have duplicate "member"s. The 'uniqueness' of uniqueMember is something else entirely that is a holdover from X.500.

> objectclass ( assign-new-oid-here
>     NAME 'myGroup'
>     DESC 'My Group'
>     SUP ( posixGroup $ groupOfUniqueNames )
>     )
> and then define group like:

And you lose the ability to use any standard tools.

> Or maybe simply using extensibleObject instead of defining my own
> object class to accomplish above.

extensibleObject is icky.
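
The placeholder-member approach from the reply above, sketched as an added example that is not part of the original message: it converts /etc/group records into groupOfNames entries that also carry posixGroup, so an empty Unix group still satisfies the mandatory "member" attribute. It assumes an RFC2307bis schema (where posixGroup is auxiliary); the suffix, OU names and placeholder DN are hypothetical, and the sample records are constructed.

```python
import re

# Assumed names, not from the thread: suffix, OUs and the placeholder DN.
BASE = "dc=example,dc=com"
PEOPLE = f"ou=people,{BASE}"
GROUPS = f"ou=groups,{BASE}"
PLACEHOLDER = f"cn=placeholder,{BASE}"  # must NOT be a posixAccount entry
SAFE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")

def _check(name):
    """Refuse names that would need DN or LDIF escaping (',', '=', ':' ...)."""
    if not SAFE.match(name):
        raise ValueError(f"unsafe name for a DN: {name!r}")
    return name

def group_to_ldif(line):
    """Turn one /etc/group record (name:passwd:gid:members) into an LDIF entry."""
    name, _passwd, gid, members = line.strip().split(":")
    # De-duplicate while keeping order: "member" cannot hold duplicate values.
    uids = dict.fromkeys(m for m in members.split(",") if m)
    out = [
        f"dn: cn={_check(name)},{GROUPS}",
        "objectClass: groupOfNames",   # structural class, "member" is mandatory
        "objectClass: posixGroup",     # auxiliary in RFC2307bis (assumed schema)
        f"cn: {name}",
        f"gidNumber: {int(gid)}",
        # Always present, so the group stays valid with zero real members.
        f"member: {PLACEHOLDER}",
    ]
    out += [f"member: uid={_check(u)},{PEOPLE}" for u in uids]
    return "\n".join(out) + "\n"

def convert(text):
    """Convert a whole /etc/group file; entries are separated by blank lines."""
    records = [l for l in text.splitlines()
               if l.strip() and not l.startswith("#")]
    return "\n".join(group_to_ldif(l) for l in records)

# Constructed sample input: one populated group, one empty group.
SAMPLE = """\
wheel:x:10:alice,bob
backup:x:34:
"""

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

Removing the last real member of such a group leaves the placeholder value in place, so the entry never violates the schema.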
