brendan kearney wrote:
So the OS wont actually recognize the groupOfNames group, but by
adding the
posix class and attributes, it can recognize the group name and gid?
The OS needs at least the POSIX-GID. Without it it's not a POSIX group at OS
level.
You have to fiddle with schema installed at your LDAP server to use the
RFC2307bis schema.
Note that migrating to this schema might exclude older NSS LDAP clients from
using this data.
In a former project for maintaining backwards compability I defined a hybrid
class for group entries derived from 'posixGroup' and 'groupOfNames'
containing 'memberUID' (RFC2307) and 'member' (RFC2307bis) attributes.
web2ldap's built-in group admin feature maintains both in sync. Whatever
client you're using would have to also do this.
Ciao, Michael.