On Wed, Jul 19, 2006 at 11:01:53AM -0400, Adam Tauno Williams wrote:
> > >> Are there any recommendations should I use posixGroup or
> > >> groupOfUniqueNames for new installations?
> > > Neither! Use "groupOfNames"; "groupOfUniqueNames" is not what you think
> > > it is.
>
> That is because of the tantalizing name "groupOfUniqueNames", making
> you think that names in "groupOfNames" are not unique. But of course
> they are, LDAP doesn't support redundant values in an attribute (AFAIK).
>
> But "member" (groupOfNames) is of type "distinguishedName" and
> "uniqueMember" (groupOfUniqueNames) is
> "1.3.6.1.4.1.1466.115.121.1.34" (which means "Name And Optional UID").
>
> http://www.alvestrand.no/objectid/1.3.6.1.4.1.1466.115.121.1.34.html
>
> uniqueMember is almost certainly not what you want.
>
>
> > Hmmm... Interesting, searching via google mostly returned references
> > suggesting most of the folks out there (and therefore tools they are
> > using) utilize groupOfUniqueNames. However, I might be wrong.
>
> We used to use groupOfUniqueNames until we realized the error and
> switched to groupOfNames. But groupOfNames is the correct objectclass
> for a group defined as a collection of DNs.
>
> > Anyhow, if using either groupOfNames or groupOfUniqueNames, how about
> > gidNumber attribute from posixGroup? I guess nss_ldap is not going to
> > work without it. What would be the best way to add that attribute?
> > Other than defining my custom object classes or using extensibleObject
> > (obviously you do not recommend those two approaches)?
>
> In rfc2307bis.schema posixGroup is AUXILIARY.
>
> objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
>     DESC 'Abstraction of a group of accounts'
>     MUST gidNumber
>     MAY ( userPassword $ memberUid $
>     description ) )

In my schema posixGroup is structural (OpenLDAP on Debian). What is rfc2308bis.schema?

>
> So it can be used in an additive fashion to groupOfNames.
>
> ---
> You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
> To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as
> the SUBJECT of the message.
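The AUXILIARY versus STRUCTURAL point discussed above, as an added example that is not part of the original messages: a simplified Python check of whether an entry may carry both groupOfNames and posixGroup under each posixGroup definition. The groupOfNames and STRUCTURAL posixGroup definitions are abbreviated from OpenLDAP's core.schema and nis.schema; the sample entry and function names are constructed, and the "exactly one structural class" rule is a simplification that holds here because both classes derive directly from top.

```python
import re

# Constructed sample input: the rfc2307bis definition quoted in the thread,
# plus abbreviated definitions from OpenLDAP's core.schema and nis.schema.
GROUP_OF_NAMES = "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) )"
POSIXGROUP_BIS = ("( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY "
                  "MUST gidNumber MAY ( userPassword $ memberUid $ description ) )")
POSIXGROUP_NIS = ("( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL "
                  "MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) )")

# Constructed entry: a DN-based group that nss_ldap can also resolve by gidNumber.
GROUP = {
    "objectClass": ["groupOfNames", "posixGroup"],
    "cn": ["admins"],
    "gidNumber": ["5000"],
    "member": ["uid=alice,ou=people,dc=example,dc=com"],
}

def parse_objectclass(definition):
    """Return (name, kind, must_attrs) from an objectclass definition string."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1)
    kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", definition).group(1)
    must = re.search(r"MUST\s+(?:\(([^)]*)\)|(\S+))", definition)
    attrs = (must.group(1) or must.group(2)).split("$") if must else []
    return name, kind, {a.strip().lower() for a in attrs}

def check_entry(entry, definitions):
    """Simplified check: one structural class, every MUST attribute present."""
    schema = {n.lower(): (k, m) for n, k, m in map(parse_objectclass, definitions)}
    problems = []
    classes = [c.lower() for c in entry["objectClass"]]
    structural = [c for c in classes if schema[c][0] == "STRUCTURAL"]
    if len(structural) != 1:
        problems.append("expected exactly one structural class, got %s" % structural)
    present = {k.lower() for k in entry}
    for c in classes:
        for attr in sorted(schema[c][1] - present):
            problems.append("%s requires %s" % (c, attr))
    return problems

if __name__ == "__main__":
    print("rfc2307bis:", check_entry(GROUP, [GROUP_OF_NAMES, POSIXGROUP_BIS]))
    print("nis.schema:", check_entry(GROUP, [GROUP_OF_NAMES, POSIXGROUP_NIS]))
```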
