We're using the rfc2307bis LDAP schema, which defines PosixGroup as AUXILIARY, so that we can use groupOfNames as the structural object class.
Right now adding a group fails with this setup:

[root@ldap1a schema]# lgroupadd test
LDAP Bind Password:
Group creation failed: error creating a LDAP directory entry: Object class violation

It would be great if libuser would support this setup. Maybe a setting in /etc/libuser.conf?
Thanks for your report.
libuser currently does not support RFC2307bis, and adding the support requires more than a configurable structural object class - e.g. the DNs stored in "member" attributes would have to be resolved to login names.
There is no near-term plan to implement RFC2307bis - but I'd be happy to take patches.
(BTW, note that RFC2307bis-02 specifies the "groupOfMembers" structural object class, "groupOfNames" doesn't support empty groups.)
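The DN-to-login resolution mentioned in the reply above, as an added example that is not part of the ticket and not libuser code. The directory entries, DNs and the helper names `norm` and `resolve_members` are constructed for illustration; a real implementation would query the LDAP server and use a proper DN parser.

```python
# Added illustration: resolving RFC2307bis "member" DNs to login names.
# All entries below are constructed sample data, not from the ticket.

def norm(dn):
    """Simplified DN normalisation: trims spaces around RDNs and lowercases.
    It does not handle escaped commas; real code needs a full DN parser."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

BASE = "dc=example,dc=com"
ENTRIES = {norm(dn): attrs for dn, attrs in {
    f"uid=alice,ou=people,{BASE}": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    # The first RDN is cn, so the login name cannot be read from the DN.
    f"cn=Bob Smith,ou=people,{BASE}": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["bsmith"]},
    f"cn=admins,ou=groups,{BASE}": {
        "objectClass": ["groupOfNames", "posixGroup"], "gidNumber": ["5000"],
        "member": [f"uid=alice,ou=people,{BASE}",
                   f"CN=Bob Smith, ou=people,{BASE}",
                   f"uid=gone,ou=people,{BASE}"]},  # dangling reference
    # groupOfMembers permits a group with no member values.
    f"cn=empty,ou=groups,{BASE}": {
        "objectClass": ["groupOfMembers", "posixGroup"], "gidNumber": ["5001"]},
}.items()}

def resolve_members(group_dn, entries=ENTRIES):
    """Return (logins, unresolved_dns) for an RFC2307bis-style group."""
    group = entries[norm(group_dn)]
    logins, unresolved = [], []
    for member_dn in group.get("member", []):
        entry = entries.get(norm(member_dn))
        # The login is the entry's uid attribute, looked up via the DN.
        if entry and "posixAccount" in entry["objectClass"] and entry.get("uid"):
            logins.append(entry["uid"][0])
        else:
            # Deleted user or non-account entry: report it, do not guess.
            unresolved.append(member_dn)
    return sorted(set(logins)), unresolved

if __name__ == "__main__":
    print(resolve_members(f"cn=admins,ou=groups,{BASE}"))
    print(resolve_members(f"cn=empty,ou=groups,{BASE}"))
```
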
Thanks for your quick response!
> libuser currently does not support RFC2307bis, and adding the support requires more than a configurable structural object class - e.g. the DNs stored in "member" attributes would have to be resolved to login names.

Right, I remember bumping into the same problem with some other tools in the past. nss_ldap does have some code which does this.
Ok, but I'm afraid I have neither the time nor the skills to do that.
I didn't know there was a version 02 of that draft, thanks, I'll look into it.