> >> Are there any recommendations should I use posixGroup or
> >> groupOfUniqueNames for new installations?
> >
> > Neither! Use "groupOfNames"; "groupOfUniqueNames" is not what you think
> > it is.

That is because of the tantalizing name "groupOfUniqueNames", making you think that names in "groupOfNames" are not unique. But of course they are, LDAP doesn't support redundant values in an attribute (AFAIK). But "member" (groupOfNames) is of type "distinguishedName" and "uniqueMember" (groupOfUniqueNames) is "1.3.6.1.4.1.1466.115.121.1.34" (which means "Name And Optional UID").

http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.34.html

uniqueMember is almost certainly not what you want.

> Hmmm... Interesting, searching via google mostly returned references
> suggesting most of the folks out there (and therefore tools they are
> using) utilize groupOfUniqueNames. However, I might be wrong.

We used to use groupOfUniqueNames until we realized the error and switched to groupOfNames. But groupOfNames is the correct objectclass for a group defined as a collection of DNs.

> Anyhow, if using either groupOfNames or groupOfUniqueNames, how about
> gidNumber attribute from posixGroup? I guess nss_ldap is not going to
> work without it. What would be the best way to add that attribute?
> Other than defining my custom object classes or using extensibleObject
> (obviously you do not recommend those two approaches)?

In rfc2307bis.schema posixGroup is AUXILIARY.

    objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
        DESC 'Abstraction of a group of accounts'
        MUST gidNumber
        MAY ( userPassword $ memberUid $ description ) )

So it can be used in an additive fashion to groupOfNames.
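An added example, not part of the original message: a small Python check showing why the AUXILIARY posixGroup from rfc2307bis can sit on top of groupOfNames, while the STRUCTURAL posixGroup from the original RFC 2307 cannot. The schema table is a simplification (it ignores SUP chains, MAY attributes and attribute-name case), and the DNs, gidNumber and function names are constructed for illustration.

```python
# Simplified object-class table, constructed for this example.
# groupOfNames: RFC 4519. posixGroup: rfc2307bis, as quoted in the message.
RFC2307BIS = {
    "groupOfNames": {"kind": "STRUCTURAL", "must": {"cn", "member"}},
    "posixGroup": {"kind": "AUXILIARY", "must": {"gidNumber"}},
}
# Original RFC 2307 declares posixGroup STRUCTURAL with MUST ( cn $ gidNumber ).
RFC2307 = dict(RFC2307BIS,
               posixGroup={"kind": "STRUCTURAL", "must": {"cn", "gidNumber"}})

# Constructed sample entry (hypothetical DNs and gidNumber).
GROUP_LDIF = """\
dn: cn=developers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
cn: developers
gidNumber: 10001
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry (no folded or base64 lines) into {attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def check_entry(entry, schema):
    """Return schema problems for the entry; an empty list means it is valid."""
    classes = [c for c in entry.get("objectClass", []) if c != "top"]
    problems = [f"unknown objectClass {c}" for c in classes if c not in schema]
    known = [c for c in classes if c in schema]
    structural = [c for c in known if schema[c]["kind"] == "STRUCTURAL"]
    if len(structural) != 1:
        problems.append("need exactly one structural class, got: "
                        + (", ".join(structural) or "none"))
    for c in known:
        for attr in sorted(schema[c]["must"] - set(entry)):
            problems.append(f"{c} requires {attr}")
    return problems

if __name__ == "__main__":
    entry = parse_ldif_entry(GROUP_LDIF)
    print("rfc2307bis:", check_entry(entry, RFC2307BIS) or "OK")
    print("RFC 2307:  ", check_entry(entry, RFC2307) or "OK")
```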
