Or just create your own schema extension to cover what you need. Its very easy to accomplish as long as you plan it right. Coming from AD land you're probably convinced to stay in the "box" that ms constrains you into but its very doable. If your converting just use the same or near the same data type for group ID and naming. it makes it that much easier to port your app over to the new environment. There are differences in the way 389 and AD behave but its not that big and can be overcome easily to ease app migration.
From: Angel Bosch Mora <angbosch@xxxxxxxxxxxxxxxxxxxxx>
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Cc:
Sent: Friday, January 7, 2011 7:57:00 PM
Subject: Re: [389-users] Questions about groups and group IDs
----- Missatge original -----
> We are planning out how we are going to move from Active Directory to
> 389-ds. We can add users to our test environment successfully, and
> give the accounts the proper information (uid, shell, etc.). However,
> 1 area that we are getting stumped at is groups. In our Active
> Directory currently, we have several groups that we put our users into
> based on their function.
>
> Those groups have unique group IDs. However, when I make a group on
> 389-ds, I don't have any way of specifying a group ID. I can make a
> new user and give it a group ID by default, but that group ID doesn't
> exist anywhere and I can't find where to assign it or create it. Any
> ideas on this?
>
you need to use objectClass: posixGroup in your group template. in theory posixGroup and groupOfNames are structural object classes and cannot be combined, but in practice there's a variation of the RFC that allows to use posixGroup as auxiliar.
http://osdir.com/ml/ldap.umich/2006-07/msg00015.html
regards,
abosch
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Cc:
Sent: Friday, January 7, 2011 7:57:00 PM
Subject: Re: [389-users] Questions about groups and group IDs
----- Missatge original -----
> We are planning out how we are going to move from Active Directory to
> 389-ds. We can add users to our test environment successfully, and
> give the accounts the proper information (uid, shell, etc.). However,
> 1 area that we are getting stumped at is groups. In our Active
> Directory currently, we have several groups that we put our users into
> based on their function.
>
> Those groups have unique group IDs. However, when I make a group on
> 389-ds, I don't have any way of specifying a group ID. I can make a
> new user and give it a group ID by default, but that group ID doesn't
> exist anywhere and I can't find where to assign it or create it. Any
> ideas on this?
>
you need to use objectClass: posixGroup in your group template. in theory posixGroup and groupOfNames are structural object classes and cannot be combined, but in practice there's a variation of the RFC that allows to use posixGroup as auxiliar.
http://osdir.com/ml/ldap.umich/2006-07/msg00015.html
regards,
abosch
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
