On Thu, 2009-11-12 at 10:37 -0500, Dmitri Pal wrote: > > So killing two birds with one stone we are thinking of introducing a > new > > attribute called posixName that has a case sensitive syntax and does > not > > conflict with other uses of uid and cn. We will probably still set > uid > > on users and cn on groups but they will be kept in sync with > posixName > > (except for cn on user accounts that holds the full name). > > > > > > So posixName will be a part of the user account object and group > object, > right? > Can you please add more details here?
Correct, we would switch to primarily use posixName for users and groups names. A group entry would probably look like this (from memory): cn=newgroup,cn=groups,cn=accounts,dc=example,dc=com objectclass: nestedgroup objectclass: posixGroup objectclass: ipaPosixName cn: newgroup posixName: newgroup member: ... member: ... When searching for this group we would use a query like: '(&(objectClass=posixGroup)(posixName=newgroup))' Same for users. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
