[Freeipa-devel] How to implement Magic Private Groups in FreeIPA ?
Simo Sorce
ssorce at redhat.com
Thu Nov 12 16:08:40 UTC 2009
On Thu, 2009-11-12 at 10:37 -0500, Dmitri Pal wrote:
> > So killing two birds with one stone we are thinking of introducing a new
> > attribute called posixName that has a case sensitive syntax and does not
> > conflict with other uses of uid and cn. We will probably still set uid
> > on users and cn on groups but they will be kept in sync with posixName
> > (except for cn on user accounts that holds the full name).
>
> So posixName will be a part of the user account object and group object,
> right?
> Can you please add more details here?

Correct,
we would switch to primarily using posixName for user and group names.

A group entry would probably look like this (from memory):

cn=newgroup,cn=groups,cn=accounts,dc=example,dc=com
objectclass: nestedgroup
objectclass: posixGroup
objectclass: ipaPosixName
cn: newgroup
posixName: newgroup
member: ...
member: ...

When searching for this group we would use a query like:
'(&(objectClass=posixGroup)(posixName=newgroup))'

Same for users.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
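
The following is an added example, not part of the original message and not FreeIPA code. It builds the group lookup filter quoted above with RFC 4515 escaping of the name, and contrasts case-ignore matching (as used by uid and cn) with the exact matching assumed here for posixName. The function names and the sample names are hypothetical and constructed for illustration.

```python
# Added example (not FreeIPA code). Helper names are hypothetical.

# RFC 4515: these characters must be escaped as \XX inside a filter value.
_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a string so it is treated as a literal LDAP assertion value."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def posix_group_filter(name):
    """Build the group search filter from the message for a given name."""
    return "(&(objectClass=posixGroup)(posixName=%s))" % escape_filter_value(name)


def match_names(stored, wanted, case_exact):
    """Model equality matching over stored names.

    case_exact=False models caseIgnoreMatch (uid, cn).
    case_exact=True models the case sensitive syntax proposed for
    posixName (assumption: an exact-match equality rule).
    """
    if case_exact:
        return [n for n in stored if n == wanted]
    return [n for n in stored if n.lower() == wanted.lower()]


# Constructed sample data: two names that are distinct on a POSIX system.
SAMPLE_NAMES = ["newgroup", "NewGroup"]

if __name__ == "__main__":
    print(posix_group_filter("newgroup"))
    # A name containing filter metacharacters stays a single literal value.
    print(posix_group_filter("a*)(cn=*"))
    print(match_names(SAMPLE_NAMES, "newgroup", case_exact=False))
    print(match_names(SAMPLE_NAMES, "newgroup", case_exact=True))
```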