#7 lgroupadd doesn't work if PosixGroup is not a structural object class
Opened 10 years ago by ruben. Modified 3 years ago

We're using the rfc2307bis LDAP schema, which defines PosixGroup as AUXILIARY, so that we can use groupOfNames as the structural object class.

Right now adding a group fails with this setup:
[root@ldap1a schema]# lgroupadd test
LDAP Bind Password:
Group creation failed: error creating a LDAP directory entry: Object class violation

It would be great if libuser would support this setup. Maybe a setting in /etc/libuser.conf?


Thanks for your report.

libuser currently does not support RFC2307bis, and adding the support requires more than a configurable structural object class - e.g. the DNs stored in "member" attributes would have to be resolved to login names.

There is no near-term plan to implement RFC2307bis - but I'd be happy to take patches.

(BTW, note that RFC2307bis-02 specifies the "groupOfMembers" structural object class, "groupOfNames" doesn't support empty groups.)

Thanks for your quick response!

> libuser currently does not support RFC2307bis, and adding the support requires more
> than a configurable structural object class - e.g. the DNs stored in "member"
> attributes would have to be resolved to login names.

Right, I remember bumping into the same problem with some other tools in the past.
nss_ldap does have some code which does this.

> There is no near-term plan to implement RFC2307bis - but I'd be happy to take
> patches.

Ok, but I'm afraid I have neither the time nor the skills to do that.

> (BTW, note that RFC2307bis-02 specifies the "groupOfMembers" structural object
> class, "groupOfNames" doesn't support empty groups.)

I didn't know there was a version 02 of that draft, thanks, I'll look into it.
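
The member-DN resolution mentioned in this ticket, sketched as an added example (not part of the thread, and not code from libuser or nss_ldap). The directory contents, DNs and function names are constructed for illustration, and the DN normalization is deliberately simplified.

```python
import re

# Constructed sample data: a tiny in-memory directory keyed by DN.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    "cn=Bob Smith,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["bsmith"]},
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames", "posixGroup"],
        "cn": ["admins"], "gidNumber": ["5000"],
        "member": [
            "UID=alice, OU=People, DC=example, DC=com",   # same entry, different spelling
            "cn=Bob Smith,ou=People,dc=example,dc=com",   # RDN is cn, not the login name
            "uid=gone,ou=People,dc=example,dc=com",       # dangling reference
        ]},
}

def normalize_dn(dn):
    """Simplified DN normalization (assumption: case-insensitive values,
    no multi-valued RDNs, no escaped backslash directly before a comma)."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def resolve_members(group_dn, directory):
    """Return (login_names, unresolved_dns) for an rfc2307bis-style group."""
    index = {normalize_dn(dn): entry for dn, entry in directory.items()}
    group = index[normalize_dn(group_dn)]
    logins, unresolved = [], []
    for member_dn in group.get("member", []):
        entry = index.get(normalize_dn(member_dn))
        # Only entries that are real POSIX accounts with a uid count as members.
        if entry and "posixAccount" in entry["objectClass"] and entry.get("uid"):
            logins.append(entry["uid"][0])
        else:
            unresolved.append(member_dn)
    return logins, unresolved

if __name__ == "__main__":
    print(resolve_members("cn=admins,ou=Groups,dc=example,dc=com", DIRECTORY))
```

The login name comes from the referenced entry's uid attribute rather than from the first RDN of the member DN, and a member DN that points at no existing account is reported instead of being treated as a group member.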
