Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-26 Thread harry . jede
Jefferson Davis wrote: So I've read, however, there is very little documentation on implementation, at least that I've been able to find. There is tons of information about nis, rfc2307 and/or rfc2307bis. However it is easy to search but often hard to find. So before you search the web, try

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-26 Thread harry . jede
On Wednesday, 26 February 2014, Jefferson Davis wrote: Sorry to be dense, but it appears I create my schema file from the attribute definitions in the RFC, is that correct? Yes -- Harry Jede

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-25 Thread Jefferson Davis
So I've read, however, there is very little documentation on implementation, at least that I've been able to find. - Original Message - From: Dieter Klünter die...@dkluenter.de To: openldap-technical@openldap.org Sent: Friday, February 21, 2014 10:55:58 PM So I've read, however,

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-24 Thread Howard Chu
Philip Colmer wrote: This was an area where I also got stuck when researching this last year. My conclusions were: 1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a class that defines members with DNs are likely to fail. Nonsense. nss_ldap, nss-pam-ldapd, and nssov

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-24 Thread Philip Colmer
Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis. Just to clarify, then, are you saying that if I use RFC2307bis so that I can define a group that is built from object classes posixGroup and groupOfNames, and I define the membership of that group using the groupOfNames member

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-24 Thread Michael Ströder
Philip Colmer wrote: 1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a class that defines members with DNs are likely to fail. Nope. 3. rfc2307bis has expired so there won't be much (any?) application support for it. One of my key criteria when designing how our

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-24 Thread Michael Ströder
Philip Colmer wrote: Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis. Just to clarify, then, are you saying that if I use RFC2307bis so that I can define a group that is built from object classes posixGroup and groupOfNames, and I define the membership of that group using

Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to coexist?

2014-02-21 Thread Dieter Klünter
On Fri, 21 Feb 2014 11:14:12 -0800 (PST), Jefferson Davis jda...@standard.k12.ca.us wrote: This has been beating me like a red-headed stepchild... In the AD world, groupOfNames is expected (in combination with the member attribute, provides for reverse group resolution, i.e. users by group