PosixGroup is one of the ObjectClass Types to represent the POSIX Database group POSIX systems.

Defined in the RFC2307Bis Schema the PosixGroup has a few items that are worth noting.


Should MemberUid be DNs or uids?

2307Bis says:
"Group members may either be login names (values of memberUid) or Distinguished Names (values of uniqueMember). In the uniqueMember, the Distinguished Names must be mapped to one or more login names by examining the name's RDN or, if it is not distinguished by uid, performing a base search on the DN with a filter of "(objectclass=*)".

Which implies it could be either.

As PosixGroup is defined as AUXILIARY, it would typically be used to extend the groupOfNames objectClass. Since the groupOfNames contains the member attribute which is the DN of members, do we even need to bother with memberUid?

ObjectClass Definition#

The ObjectClass Type is defined as:

More Information#

There might be more information for this subject on one of the following:

--Martin, 27-Jun-2018 11:07