John A. Sullivan III wrote:
On Thu, 2009-05-21 at 18:07 +0600, Dmitry Amirov wrote:
> My question is simple. I need to create unix group. If i try to do this
> via New->Group, then i can't see posixGroup. So i can add posixGroup
> only manually by adding needed attributes. But i want to add via console
> such as i can add new user.
If I correctly understand what you want, what I typically do is create
the group, click on Advanced and add the posixgroup attribute. I then
simply add users who have previously had the posixAccount attribute
added to their definition.
I think instead of "add attribute" you meant to say "add auxiliary
But please note that the object classes groupOfNames/groupOfUniqueNames
and posixGroup are all defined as STRUCTURAL. Strictly speaking in the
spirit of LDAPv3 compliance an entry can only have exactly one
STRUCTURAL object class (including the inherited STRUCTURAL object
classes). Although the 389 DS does not prevent you from creating an
entry like this
you shouldn't do that since it might lead to interop problems.
I also find in RedHat style systems that I
need to add the posixgroup attribute to the users.
'posixGroup' is an auxiliary object class containing the members'
value in its multi-valued attribute 'memberUid'. Despite the issues with
STRUCTURAL I don't see any reason to add this object class to a person
or account entry anyway.