I would advise that groupOfNames is a "better" option, as the

Generally though, I think that it's better to ask "what are you trying

> On 10 Sep 2019, at 22:14, Weigel Stefan <stefan_weigel(a)genua.de&gt; wrote: > > Hi, > I need a little help with two topics: > > 1. users should be able to use a simple web frontend to change ldap > password and manage ssh pubkeys. > We evaluated Fusion Directory (https://www.fusiondirectory.org/) for this. > In Fusion Directory group membership is using groupofnames rather than > groupofuniquenames used in 389. I played around but can't find a > solution to fix this. I tried to modify > > cn=group,cn=defaultobjectclassescontainer,ou=1.1,ou=admin,ou=global > preferences,ou=genua.de,o=netscaperoot -> nsDefaultObjectClass from > groupofuniquenames to groupofnames > > and renamed > > cn=groupofuniquenames,cn=ResourceEditorExtension,ou=1.1,ou=Admin,ou=Global > Preferences,ou=genua.de,o=netscaperoot > to > cn=groupofnames,cn=ResourceEditorExtension,ou=1.1,ou=Admin,ou=Global > Preferences,ou=genua.de,o=netscaperoot > > but in 389-console it shows me message: uniqueMember is not allowed. > > Is it possible to change the default object class of the group? How to > to do it? > > Otherwise could you point me to a simple webgui to edit values? 389 supports both of these in schema: ################################################################################ # objectClasses: ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( cn ) MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-ORIGIN 'RFC 4519' ) # ################################################################################ # objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST ( cn ) MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-ORIGIN 'RFC 4519' ) I would advise that groupOfNames is a "better" option, as the functionality of groupOfUniqueNames is subtle and generally not worth the extra effort. MemberOf and most of our tooling is designed to use GroupOfNames by default, so perhaps see if that can work for you? > > 2. When creating a user object under I want to trigger some post actions > (create directories, copy files, etc.) > As I understand this should be possible with the plugins. I'm asking > myself if there's already such a plugin or could you provide me some > more infos. You would likely need to develop this. We have had some interest in a dbus plugin that can notify on changes in the past, but we haven't had serious requests for this in some time. Another option is to write an ldap client that uses syncrepl to monitor for changes which could then trigger actions as required. Generally though, I think that it's better to ask "what are you trying to achieve". LDAP isn't really designed to "block" and manage files, as it would be a performance limit. If you want to do things like dynamically create home directories you could consider pam_oddjobd or similar instead. > > > > Thanks in advance, > > Stefan > _______________________________________________ > 389-users mailing list -- 389-users(a)lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje... — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users(a)lists.fedoraproject.org To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...