Overview#

Group, groupOfUniqueNames, groupOfNames#

Generally we find these three "names" used for LDAP Group Names.

What is the difference? #

For the difference of groupOfUniqueNames vs groupOfNames is pretty clear.

For the difference between groupOfUniqueNames vs groupOfNames and Group, it is more difficult. Some LDAP Server Implementations will alias Group to groupOfNames. Usually, groupOfUniqueNames will be a separate and distinct name.

• EDirectory does alais all three as group.
• Microsoft Active Directory has implemented their own Group with a separate OID. Microsoft Active Directory does also provide the "standard" groupOfUniqueNames.

Summary of LDAP Groups#

DynamicGroups and Static groups#

Generally LDAP Groups are:

• DynamicGroups
• Static groups
• Virtual static groups - Some LDAP Server Implementations groups can be Virtual static groups (ie both).

Groups Are Bad#

We have never understood the fascination with groups within LDAP. We find they serve little purpose from an LDAP perspective.

Active Directory Groups#

Microsoft Active Directory implements their own Group which has some interesting facets

Groups Edirectory#

eDirectory has some interesting facets

Group Fix Tool#

Our Group Fix Tool for eDirectory will correct the groupMembership from an existing member attribute on the group.

PosixGroup#

The PosixGroup is used for POSIX group implementations and is used with PAM_LDAP

groupOfEntries#

This object class allows groups to be empty. In all other respects groupOfEntries behaves like the groupOfNames object class.

More Information#

There might be more information for this subject on one of the following:

• 2.5.6.9
• DynamicGroup
• Glossary Of LDAP And Directory Terminology
• Group
• Group-AD
• GroupOfEntries
• GroupOfNames
• Groups Are Bad
• Member Attribute
• Nested Groups
• Security Group
• Virtual static groups