[sabayon] LDAP membership represented by memberUid and uniqueMember
- From: "Wilmer Jaramillo M." <wilmer fedoraproject org>
- To: sabayon-list gnome org
- Subject: [sabayon] LDAP membership represented by memberUid and uniqueMember
- Date: Wed, 10 Oct 2007 03:16:46 -0400
Hi, I have a general considerations, I think that sabayon should pick
a profile based on group ldap membership represented by a single entry
under the group DN with a union of RFC 2307 posixGroup(memberUid) and
RFC 2256 groupOfUniqueNames(uniqueMember)
I'm using sabayon with Fedora Directory Server(FDS), this instead of
using the attribute "memberUid"(posixGroup) for profile based on
group, FDS uses the attribute "uniqueMember", the difference between
both is based in that with "uniquemember" sabayon should received a DN
component, for example:
dn: cn=Users,ou=Groups,dc=,dc=example, dc=com
gidNumber: 1001
objectClass: groupOfUniqueNames
uniqueMember: uid=janeth,ou=People,dc=example,dc=com
uniqueMember: uid=michael,ou=People,dc=example,dc=com
uniqueMember: uid=john,ou=People,dc=example,dc=com
cn: Users
The query filter with 'memberUid' acctually in use based in user.xml
"(uid=%u)" is:
uid=jhon
The query filter with 'uniqueMember' for sabayon based in user.xml
"(uid=%u)" is:
uid=uid=john,ou=People,dc=example,dc=com
I suppose that the support for "uniqueMember" may be enough with
taking the DN value and use some regular expression in python for
filter the uid.
Maybe someone can plan the integration of "uniqueMember" in the future
with sabayon, in FDS 'memberUid' is support for the schema,
neverthless I have to keep that added _redundant_ groups entry such as
'memberUid' and 'uniqueMember' for my existing groups and sabayon
groups:
dn: cn=Users,ou=Groups,dc=,dc=example, dc=com
gidNumber: 1001
objectClass: groupOfUniqueNames
objectClass: posixGroup
uniqueMember: uid=janeth,ou=People,dc=example,dc=com
uniqueMember: uid=michael,ou=People,dc=example,dc=com
uniqueMember: uid=john,ou=People,dc=example,dc=com
MemberUid: janeth
MemberUid: michael
MemberUid: john
cn: Users
Maybe should considerate that posixGroup is being deprecated, please
visit a discussion in
http://www.mail-archive.com/ldap listserver itd umich edu/msg00324.html
--
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
