Thread: LDAP membership represented by memberUid and uniqueMember




LDAP membership represented by memberUid and uniqueMember
user name
2007-10-10 02:16:46
Hi, I have a general consideration: I think that sabayon should pick a profile based on LDAP group membership represented by a single entry under the group DN with a union of RFC 2307 posixGroup (memberUid) and RFC 2256 groupOfUniqueNames (uniqueMember).

I'm using sabayon with Fedora Directory Server (FDS). Instead of using the attribute "memberUid" (posixGroup) for profiles based on group, FDS uses the attribute "uniqueMember". The difference between the two is that with "uniqueMember" sabayon should receive a DN component, for example:

dn: cn=Users,ou=Groups,dc=,dc=example, dc=com
gidNumber: 1001
objectClass: groupOfUniqueNames
uniqueMember: uid=janeth,ou=People,dc=example,dc=com
uniqueMember: uid=michael,ou=People,dc=example,dc=com
uniqueMember: uid=john,ou=People,dc=example,dc=com
cn: Users

The query filter with 'memberUid' actually in use, based on user.xml "(uid=%u)", is:
uid=john
The query filter with 'uniqueMember' for sabayon, based on user.xml "(uid=%u)", is:
uid=uid=john,ou=People,dc=example,dc=com

I suppose that the support for "uniqueMember" may be enough by taking the DN value and using some regular expression in Python to filter the uid.

Maybe someone can plan the integration of "uniqueMember" with sabayon in the future. In FDS, 'memberUid' is supported by the schema; nevertheless, I have to keep the added _redundant_ group entries, such as 'memberUid' and 'uniqueMember', for my existing groups and sabayon groups:

dn: cn=Users,ou=Groups,dc=,dc=example, dc=com
gidNumber: 1001
objectClass: groupOfUniqueNames
objectClass: posixGroup
uniqueMember: uid=janeth,ou=People,dc=example,dc=com
uniqueMember: uid=michael,ou=People,dc=example,dc=com
uniqueMember: uid=john,ou=People,dc=example,dc=com
MemberUid: janeth
MemberUid: michael
MemberUid: john
cn: Users

Maybe it should be considered that posixGroup is being deprecated; please see the discussion at
http://www.mail-archive.com/ldaplistserver.itd.umich.edu/msg00324.html

--
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
_______________________________________________
sabayon-list mailing list
sabayon-listgnome.org
http://mail.gnome.org/mailman/listinfo/sabayon-list
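
The DN-to-uid extraction suggested in the message above, as an added Python example (not part of the original post and not Sabayon's code): it takes the uid from the first RDN of each uniqueMember DN, merges the result with any memberUid values, and escapes the value per RFC 4515 before substituting it into the "(uid=%u)" filter. The function names and the dict-shaped group entry are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def user_filter(uid, template="(uid=%u)"):
    """Substitute %u as the user.xml filter quoted above does, but escaped."""
    return template.replace("%u", escape_filter_value(uid))

def _unescape(value):
    """Undo RFC 4514 escapes (backslash + hex pair, or backslash + char)."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"), flags=re.S)
    return raw.decode("utf-8")

def uid_from_member_dn(dn, attr="uid"):
    """Return attr's value from the first RDN of a member DN, else None."""
    first_rdn = re.match(r"(?:\\.|[^\\,])*", dn.strip()).group(0)  # stop at unescaped ','
    for ava in re.findall(r"(?:\\.|[^\\+])+", first_rdn):  # handle multi-valued RDNs
        name, _, value = ava.partition("=")
        if name.strip().lower() == attr:
            return _unescape(value)
    return None

def group_member_uids(entry):
    """Union of memberUid values and uids parsed from uniqueMember DNs."""
    attrs = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    uids = set(attrs.get("memberuid", []))
    uids.update(u for u in map(uid_from_member_dn, attrs.get("uniquemember", [])) if u is not None)
    return uids

# Constructed sample entry modelled on the group shown in the message.
SAMPLE_GROUP = {
    "MemberUid": ["janeth"],
    "uniqueMember": [
        "uid=michael,ou=People,dc=example,dc=com",
        "uid=john,ou=People,dc=example,dc=com",
        r"cn=smith\, j,ou=People,dc=example,dc=com",  # no uid in first RDN: skipped
    ],
}

if __name__ == "__main__":
    for uid in sorted(group_member_uids(SAMPLE_GROUP)):
        print(uid, user_filter(uid))
```

Members whose first RDN carries no uid are skipped rather than guessed, so a group that names entries by cn would need a lookup of the member entry instead.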

Re: LDAP membership represented by memberUid and uniqueMember
user name
2007-11-05 20:54:48
Wilmer Jaramillo M. wrote:
> dn: cn=Users,ou=Groups,dc=,dc=example, dc=com
> gidNumber: 1001
> objectClass: groupOfUniqueNames
> objectClass: posixGroup

You mixed posixGroup and groupOfUniqueNames, which is not possible under the nis.schema currently distributed by OpenLDAP AFAICT, see why below.

> Maybe should considerate that posixGroup is being deprecated, please
> visit a discussion in
> http://www.mail-archive.com/ldaplistserver.itd.umich.edu/msg00324.html

RFC 2307bis doesn't show up on the IETF RFC page, so RFC 2307 is still authoritative and posixGroup is still structural. I think, however, that most of the support needed for this is already available on libnss-ldap.

What is your exact proposal for changes in Sabayon? I currently have both groupOfUniqueNames and posixGroups in several of my directories with no worries.

Jose
