In the old openldap-servers-2.2.13-4 from which I copied this data:

/etc/openldap/schema/nis.schema

    objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL
        DESC 'Abstraction of a group of accounts'
        MUST ( cn $ gidNumber )
        MAY ( userPassword $ memberUid $ description ) )

    attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
        EQUALITY caseExactIA5Match
        SUBSTR caseExactIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

In /etc/openldap/schema/core.schema I do see:

    attributetype ( 2.5.4.31 NAME 'member'
        DESC 'RFC2256: member of a group'
        SUP distinguishedName )

As well as:

    objectclass ( 2.5.6.9 NAME 'groupOfNames'
        DESC 'RFC2256: a group of names (DNs)'
        SUP top STRUCTURAL
        MUST ( member $ cn )
        MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

Am I rfc2307 or rfc2307bis? According to sssd-ldap man page:

    ldap_group_member (string)
        The LDAP attribute that contains the names of the group's
        members.

        Default: memberuid (rfc2307) / member (rfc2307bis)

I am currently using memberuid obviously so my clients can talk to the old
server.
Thanks so much for your needed assistance!
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: [email protected]
O: 212-746-6305
F: 212-746-8690
On Fri, Jul 21, 2017 at 12:23 PM, Quanah Gibson-Mount <[email protected]>
wrote:
> --On Friday, July 21, 2017 10:53 AM -0400 Douglas Duckworth
> <[email protected]> wrote:
>
> > limits
> > group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain"
> > size=unlimited time=unlimited
> >
> > Though I am still hitting the limit.
>
> Hi Douglas,
>
> It would probably be worthwhile to dig into LDAP schema to understand
> attribute definitions, matching rules, etc.
>
> To start, memberUid is a string type. It's not a DN type:
>
> attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
> EQUALITY caseExactIA5Match
> SUBSTR caseExactIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> As opposed to member, which is specifically a DN type:
>
> attributetype: ( 2.5.4.31 NAME 'member'
> DESC 'RFC2256: member of a group'
> SUP distinguishedName )
>
> attributetype: ( 2.5.4.49 NAME 'distinguishedName'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
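
The schema comparison made in the quoted reply, as an added example that is not part of either message: a small Python parser (function names are this example's own) that reads attributetype definitions like the three quoted in the thread, follows SUP inheritance, and reports whether an attribute's effective syntax is Distinguished Name (member) or IA5 String (memberUid).

```python
import re

DN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.12"   # Distinguished Name
IA5_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.26"  # IA5 String

# The three definitions quoted in the thread, embedded so this runs offline.
SCHEMA = """
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype: ( 2.5.4.31 NAME 'member'
  DESC 'RFC2256: member of a group'
  SUP distinguishedName )
attributetype: ( 2.5.4.49 NAME 'distinguishedName'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
"""

def parse_attributetypes(text):
    """Map each lowercased attribute name to its own SUP and SYNTAX (or None)."""
    attrs = {}
    for body in re.split(r"attributetype:?\s*\(", text)[1:]:
        body = re.sub(r"DESC\s+'[^']*'", "", body)  # free text could contain keywords
        name = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", body)
        sup = re.search(r"\bSUP\s+([\w.;-]+)", body)
        syntax = re.search(r"\bSYNTAX\s+([\d.]+)", body)  # drops a {len} suffix
        entry = {"sup": sup.group(1) if sup else None,
                 "syntax": syntax.group(1) if syntax else None}
        for alias in re.findall(r"'([^']+)'", name.group(1) if name else ""):
            attrs[alias.lower()] = entry
    return attrs

def resolve_syntax(attrs, name):
    """Follow SUP links until a SYNTAX is found; None if unknown or cyclic."""
    seen, key = set(), name.lower()
    while key in attrs and key not in seen:
        seen.add(key)
        if attrs[key]["syntax"]:
            return attrs[key]["syntax"]
        key = (attrs[key]["sup"] or "").lower()
    return None

def holds_dns(attrs, name):
    """True only when the attribute's effective syntax is Distinguished Name."""
    return resolve_syntax(attrs, name) == DN_SYNTAX

if __name__ == "__main__":
    attrs = parse_attributetypes(SCHEMA)
    for attr in ("memberUid", "member"):
        print(attr, resolve_syntax(attrs, attr), "DN-valued:", holds_dns(attrs, attr))
```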