Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Provision groups with different rules

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Provision groups with different rules


Chronological Thread 
  • From: Francesco Malvezzi <>
  • To:
  • Subject: [grouper-users] Provision groups with different rules
  • Date: Wed, 01 Dec 2010 09:54:07 +0100
Hi all,

I would like to provision differently groups to ldap according to their
intended usage. Some groups are to be used as posixGroup, so they do
need gidNumber attributes, other are plain group or admninistrative
groups like etc:sysadmingroup.

These groups can be held in different stems, and if this helps, also in
different ou in ldap (while if it is possibile I would avoid it).

How I configure ldappcng to use different rules for different stems?

It looks to me that ldappcng.xml defines just one type of group.
Actually I could define more, but next come the question: how to
instruct ldappcng to use

<object id="posix_group" authoritative="true">
<identifier ref="group-dn" baseId="${groupsOU}">
<identifyingAttribute name="objectClass"
value="${groupObjectClass}" />
</identifier>
<attribute name="objectClass" ref="group-objectclass-eduMember" />
<attribute name="cn" />
<attribute name="description" />
<attribute name="gidNumber" />
<attribute name="isMemberOf" ref="groupIsMemberOf" />
<attribute name="memberUid" ref="hasMember" />
<attribute name="hasMember" ref="hasMember" />
<references name="member" emptyValue="" >
<reference ref="members-jdbc" toObject="member" />
<reference ref="members-g:gsa" toObject="group" />
</references>
</object>
or

<object id="plain_group" authoritative="true">
<identifier ref="group-dn" baseId="${groupsOU}">
<identifyingAttribute name="objectClass"
value="${groupObjectClass}" />
</identifier>
<attribute name="objectClass" ref="group-plain-objectclass" />
<attribute name="cn" />
<attribute name="description" />
<attribute name="isMemberOf" ref="groupIsMemberOf" />
<attribute name="memberUid" ref="hasMember" />
<attribute name="hasMember" ref="hasMember" />
<references name="member" emptyValue="" >
<reference ref="members-jdbc" toObject="member" />
<reference ref="members-g:gsa" toObject="group" />
</references>
</object>

(objectClass and the presence of gidNumber is different)?

What I'm missing? Thank you in advance,

Francesco

Archive powered by MHonArc 2.6.16.

Top of Page