What I mean with "this" in "in AD this is possible" is the fact that you
can assign group membership to OU membership ("When user A is member of OU
B, user A will become member of group C").

Afaik this is not possible with OpenLDAP. If it is, I would really like to
know how. My only bet is with dynamic groups/list, but I have no idea how.

Fred


2012/2/23 Buchan Milne <[email protected]>

> On Wednesday, 22 February 2012 11:22:55 Fred van Zwieten wrote:
> > Hi all,
> >
> > warning: openldap newbie..
> >
> > is it possible to have a person put into an OU and, because of this, will
> > become member of some group in such a way that this group shows up in linux
> > using "id". This to implement some form of RBAC. I found GroupofMembers,
> > but that has nothing to do with OU's. Also, it seems posixGroup and
> > groupOfMembers objecttypes are no longer allowed together because they are
> > both STRUCTURAL.
>
> Not in nis.schema, but in rfc2307bis.schema, posixGroup is not structural.
>
> > In AD this is possible.
>
> It is possible in OpenLDAP too. Just now with nis.schema. Most LDAP clients
> support rfc2307bis.
>
> Regards,
> Buchan
>
