[389-users] posixGroup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2009-05-21 at 15:28 +0200, Michael Str?der wrote:
> John A. Sullivan III wrote:
> > On Thu, 2009-05-21 at 18:07 +0600, Dmitry Amirov wrote:
> >> Hello.
> >>
> >> My question is simple. I need to create unix group. If i try to do this
> >> via New->Group, then i can't see posixGroup. So i can add posixGroup
> >> only manually by adding needed attributes. But i want to add via console
> >> such as i can add new user.
> > <snip>
> > If I correctly understand what you want, what I typically do is create
> > the group, click on Advanced and add the posixgroup attribute.  I then
> > simply add users who have previously had the posixAccount attribute
> > added to their definition.
> 
> I think instead of "add attribute" you meant to say "add auxiliary
> object class".
> 
> But please note that the object classes groupOfNames/groupOfUniqueNames
> and posixGroup are all defined as STRUCTURAL. Strictly speaking in the
> spirit of LDAPv3 compliance an entry can only have exactly one
> STRUCTURAL object class (including the inherited STRUCTURAL object
> classes). Although the 389 DS does not prevent you from creating an
> entry like this
> 
> objectClass: groupOfUniqueNames
> objectClass: posixGroup
> 
> you shouldn't do that since it might lead to interop problems.
> 
> >  I also find in RedHat style systems that I
> > need to add the posixgroup attribute to the users. 
> 
> ???
> 
> 'posixGroup' is an auxiliary object class containing the members' 'uid'
> value in its multi-valued attribute 'memberUid'. Despite the issues with
> STRUCTURAL I don't see any reason to add this object class to a person
> or account entry anyway.
> 
> Ciao, Michael.
<snip>
Thanks very much for the clarification as I am (obviously) LDAP
ignorant.  Yes, I did mean add an objectclass.  Unfortunately, I think
we're a bit stuck because of RedHat's (useful) use of user groups.
Since most of the user directory files are owned by a group with the
same name as the user, I have major issues if I do not do this.  I
suppose the correct solution would be to create a group of the same name
but then we hit potential problems with non-unique cn if we match uid
and cn and preserve uniqueness.  What do others do? Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux