[389-users] posixGroup

Michael Ströder michael at stroeder.com
Thu May 21 13:28:49 UTC 2009


John A. Sullivan III wrote:
> On Thu, 2009-05-21 at 18:07 +0600, Dmitry Amirov wrote:
>> Hello.
>>
>> My question is simple. I need to create a Unix group. If I try to do this
>> via New->Group, then I can't see posixGroup. So I can add posixGroup
>> only manually by adding the needed attributes. But I want to add it via the
>> console, just as I can add a new user.
> <snip>
> If I correctly understand what you want, what I typically do is create
> the group, click on Advanced and add the posixgroup attribute.  I then
> simply add users who have previously had the posixAccount attribute
> added to their definition.

I think instead of "add attribute" you meant to say "add auxiliary
object class".

But please note that the object classes groupOfNames/groupOfUniqueNames
and posixGroup are all defined as STRUCTURAL. Strictly speaking in the
spirit of LDAPv3 compliance an entry can only have exactly one
STRUCTURAL object class (including the inherited STRUCTURAL object
classes). Although the 389 DS does not prevent you from creating an
entry like this

objectClass: groupOfUniqueNames
objectClass: posixGroup

you shouldn't do that since it might lead to interop problems.

>  I also find in RedHat style systems that I
> need to add the posixgroup attribute to the users. 

???

'posixGroup' is an auxiliary object class containing the members' 'uid'
value in its multi-valued attribute 'memberUid'. Despite the issues with
STRUCTURAL I don't see any reason to add this object class to a person
or account entry anyway.

Ciao, Michael.
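
The one-STRUCTURAL-class rule discussed in the message above, as an added example that is not part of the original post or of 389 DS: a Python check over LDIF that reports entries whose STRUCTURAL object classes do not sit on a single inheritance chain. The schema table (which follows the message in treating posixGroup as STRUCTURAL), the function names and the sample DNs are assumptions made for illustration.

```python
# Assumed schema (posixGroup STRUCTURAL, per the message above); constructed LDIF.
SCHEMA = {  # lowercase class name -> (kind, superior class)
    "top": ("ABSTRACT", None),
    "groupofnames": ("STRUCTURAL", "top"),
    "groupofuniquenames": ("STRUCTURAL", "top"),
    "posixgroup": ("STRUCTURAL", "top"),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "posixaccount": ("AUXILIARY", "top"),
}
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: posixGroup

dn: cn=devs,ou=Groups,dc=example,dc=com
objectClass: posixGroup

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
"""

def parse_ldif(text):
    """Yield (dn, objectClass values) per entry; plain unfolded LDIF only."""
    for block in text.strip().split("\n\n"):
        attrs = [line.partition(":") for line in block.splitlines()]
        dn = next((v.strip() for a, _, v in attrs if a.lower() == "dn"), None)
        if dn:
            yield dn, [v.strip() for a, _, v in attrs if a.lower() == "objectclass"]

def ancestors(name):
    chain = set()  # the class itself plus every superior up to 'top'
    while name:
        chain.add(name)
        name = SCHEMA[name][1]
    return chain

def structural_conflicts(classes):
    """Return the STRUCTURAL classes if they are not on one chain, else []."""
    found = {c.lower() for c in classes
             if SCHEMA.get(c.lower(), ("",))[0] == "STRUCTURAL"}
    if any(found <= ancestors(c) for c in found):
        return []  # one most-derived class covers all the others
    return sorted(found)

def audit(text):
    return {dn: bad for dn, cls in parse_ldif(text) if (bad := structural_conflicts(cls))}
```

Calling `audit(SAMPLE_LDIF)` reports only the `cn=staff` entry; the `inetOrgPerson` entry passes because `person` is one of its superiors, and AUXILIARY classes such as `posixAccount` are ignored.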



