Or just create your own schema extension to cover what you need. Its very easy to
accomplish as long as you plan it right. Coming from AD land you're probably
convinced to stay in the "box" that ms constrains you into but its very doable.
If your converting just use the same or near the same data type for group ID and naming.
it makes it that much easier to port your app over to the new environment. There are
differences in the way 389 and AD behave but its not that big and can be overcome easily
to ease app migration.
From: Angel Bosch Mora <angbosch(a)conselldemallorca.net>
To: General discussion list for the 389 Directory server project.
<389-users(a)lists.fedoraproject.org>
Cc:
Sent: Friday, January 7, 2011 7:57:00 PM
Subject: Re: [389-users] Questions about groups and group IDs
----- Missatge original -----
We are planning out how we are going to move from Active Directory
to
389-ds. We can add users to our test environment successfully, and
give the accounts the proper information (uid, shell, etc.). However,
1 area that we are getting stumped at is groups. In our Active
Directory currently, we have several groups that we put our users into
based on their function.
Those groups have unique group IDs. However, when I make a group on
389-ds, I don't have any way of specifying a group ID. I can make a
new user and give it a group ID by default, but that group ID doesn't
exist anywhere and I can't find where to assign it or create it. Any
ideas on this?
you need to use objectClass: posixGroup in your group template. in theory posixGroup and
groupOfNames are structural object classes and cannot be combined, but in practice
there's a variation of the RFC that allows to use posixGroup as auxiliar.
http://osdir.com/ml/ldap.umich/2006-07/msg00015.html
regards,
abosch
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users