On 07/06/2010 10:22 AM, Daniel Maher wrote:
On 07/06/2010 07:04 PM, Nathan Kinder wrote:
>> To clarify then, for the uids, instead of this :
>>
>> dnafilter: (|(objectclass=posixAccount)(objectclass=posixGroup))
>>
>> It should be this :
>>
>> dnafilter: (objectclass=posixAccount)
>>
>> ?
>>
>>
> Yes, that is correct. The current setting you have causes DNA to add a
> "uidNumber" attribute to newly created "posixAccount" and
"posixGroup"
> entries. You only want DNA to add the "uidNumber" attribute to
> "posixAccount" entries.
>
That makes sense. Somebody may wish to update the Howto on the
documentation site. :)
I'll update the how-to.
In the upcoming 1.2.6 release, I've added support for multi-attribute
ranges, which could be used for your use-case as well (I know we've
discussed this on list a while back). Basically, you would set up a
single DNA range with multiple "dnaType" values, such as uidNumber and
gidNumber in this case. You would then set the "dnaFilter" to
"(|(objectClass=posixAccount)(objectClass=posixGroup))". With a
multi-attribute range, you must specify the magic value for any
attribute that you want DNA to generate a value for. This means you
could share a single range of values across your posixAccount and
posixGroup entries instead of having two separate ranges.
Thanks !