<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
The discussion of [{$pagename}] is more a discussion of [Member] vs [uniqueMember] as other than these two attributes they behave the same.

There are of course some differences between [LDAP Server Implementations], but these two attributes are the primary differences.

! [groupOfNames]
[groupOfNames] stores its members in the [Member] attribute using [FDN] as the value.

! [groupOfUniqueNames]
[groupOfUniqueNames] stores its members in the [uniqueMember] attribute also using [FDN] as value.

[uniqueMember] attribute however is designed to be able to hold an extra unique identifier to tell the difference between two [FDN]'s who have the same value in a group. 

Multiple objects, at different times, can be named by the same [FDN]. 

For instance, uid=adam,dc=example may at one time refer an object representing &quot;Adam Smith&quot; and at another time refer to an object representing &quot;Adam Jones&quot;.

This new entry is added with the same [FDN], but it is a different person. This person needs access to the group, but you need a way to
differentiate between this recent addition and the earlier [FDN].

If you have several thousand members, simply deleting the earlier DN may not be a reasonable option.

[Example]: If 
{{{ ou=1st Battalion,o=Defense,c=US 
}}}

is a battalion that was disbanded, establishing a new battalion with the &quot;same&quot; name would have a unique identifier value added, resulting in:  
{{{ ou=1st Battalion, o=Defense,c=US#'010101'B 
}}}

!! [MemberUid]
While we are speaking about [Member] and [UniqueMember] we should probably mention [MemberUid] which is used in [PosixGroup].

In the original [RFC2307Schema], the [MemberUid] was represented as a [RDN] value similar to &quot;jwilleke&quot; vs an FDN of cn=jwilleke,ou=People,dc=willeke,dc=com.

The [SchemaRFC2307Bis] is a modification of the [RFC2307Schema] where [posixGroup] is auxiliary __and__ the [SchemaRFC2307Bis], which requires that NSS_LDAP be capable to support the [SchemaRFC2307Bis], which allows you to use groups of [FDN]s to represent posixGroups rather than groups of [MemberUid]s (or [RDN] values).

In [SchemaRFC2307Bis] the requirement of NSS_LDAP is the NSS library also maintains a cache of DN-&gt;uid lookups (called the dn2uid cache) in a db file to speed things up.  Since PAM &amp; NSS LDAP was made by [PADL.COM|http://www.padl.com/|target='_blank'], they produced the [SchemaRFC2307Bis] file.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>