On Wednesday, 26 February 2014, Jefferson Davis wrote:
> Sorry to be dense, but it appears I create my schema file from the
> attribute definitions in the RFC, is that correct?
Yes
--
Harry Jede
Sent: Wed, 26 Feb 2014 04:55:26 -0800 (PST)
Subject: Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to
coexist?
Jefferson Davis wrote:
> So I've read, however, there is very little documentation on
> implementation, at least that I've been able to find.
There a
> To: openldap-technical@openldap.org
> Sent: Friday, February 21, 2014 10:55:58 PM
> So I've read, however, there is very little documentation on
> implementation, at least that I've been able to find. Subject: Re:
> strategy for getting groupOfNames (AD) and posixAccou
ver, there is very little documentation on implementation, at
least that I've been able to find.
Subject: Re: strategy for getting groupOfNames (AD) and posixAccount (Unix) to
coexist?
On Fri, 21 Feb 2014 11:14:12 -0800 (PST)
Jefferson Davis wrote:
> This has been beati
Philip Colmer wrote:
> > Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis.
>
> Just to clarify, then, are you saying that if I use RFC2307bis so that
> I can define a group that is built from object classes posixGroup and
> groupOfNames, and I define the membership of that group u
Philip Colmer wrote:
> 1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a
> class that defines members with DNs are likely to fail.
Nope.
> 3. rfc2307bis has expired so there won't be much (any?) application support
> for it. One of my key criteria when designing how our
> Nonsense. nss_ldap, nss-pam-ldapd, and nssov all support RFC2307bis.
Just to clarify, then, are you saying that if I use RFC2307bis so that
I can define a group that is built from object classes posixGroup and
groupOfNames, and I define the membership of that group using the
groupOfNames member at
Philip Colmer wrote:
This was an area where I also got stuck when researching this last year. My
conclusions were:
1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a
class that defines members with DNs are likely to fail.
Nonsense. nss_ldap, nss-pam-ldapd, and nssov al
> So what did replace "rfc2307bis"?
As far as I can tell, nothing replaced it. The schema wasn't adopted.
> IMHO until there is a replacement, the old schema will continue to be
used.
You can certainly take that approach, but if the RFC isn't adopted, is that
much different from making your own
>>> Philip Colmer wrote on 24.02.2014 at 10:43 in
message
[...]
> 3. rfc2307bis has expired so there won't be much (any?) application support
> for it. One of my key criteria when designing how our LDAP system was set
> up was to use classes that applications/systems were expecting to find.
[
This was an area where I also got stuck when researching this last year. My
conclusions were:
1. UNIX needs group membership to be UIDs and not DNs, so attempts to use a
class that defines members with DNs are likely to fail.
2. UNIX doesn't support nesting of groups. If you implement a solution t
On Fri, 21 Feb 2014 11:14:12 -0800 (PST)
Jefferson Davis wrote:
> This has been beating me like a red-headed stepchild...
>
> In the AD world, groupOfNames is expected (in combination with the
> member attribute, provides for reverse group resolution, i.e. users by
> group membership AND groups
On Feb 21, 2014, at 14.14, Jefferson Davis wrote:
> This has been beating me like a red-headed stepchild...
>
> In the AD world, groupOfNames is expected (in combination with the member
> attribute, provides for reverse group resolution, i.e. users by group
> membership AND groups by member incl
This has been beating me like a red-headed stepchild...
In the AD world, groupOfNames is expected (in combination with the member
attribute, provides for reverse group resolution, i.e. users by group membership
AND groups by member inclusion).
On the unix side of the fence, groups REQUIRE a gid
14 matches