How to combine kolab and posix groups

Gunnar Wrobel wrobel at pardus.de
Thu Apr 22 17:53:36 CEST 2010 

Quoting Alexander Gran <alexg at moduleworks.com>:

> Hi,
>
> I have an little issue here combining kolabs and unix groups. I'm managing my
> user accounts and groups with ldap account manager, and importing  
> the existing
> ones from a suse ox 5. Groups are created as posixGroup in ou=group,baseDN.
> nss access works fine, they appear as system groups.
> However I cannot use them in kolab, to .e.g. assign forlder rights to them.
> looking at the sources of admin/sharedfolder/sf.php I see that a  
> group must be
> of objectclass kolabGroupOfNames.
> As far as I understood ldap, you cannot combine that with the posixGroup
> schema. Both are structural.

Correct. You can't combine them. In fact I would say you should not  
even try do that.

Look at the core feature of a group: A group combines a number of  
members. If you look at the posixGroup you see that its member  
attribute is "memberUid" which identifies a user by the uid he has on  
a system. The kolabGroupOfNames however derives from groupOfNames and  
that uses the "member" attribute which is a DN within the LDAP tree.  
This is something completely different than the uid for the posixGroup.

I do not deny that there may be a mapping. But that mapping cannot be  
defined by simply merging the two object types. I'm interested to read  
about how Christian solved this problem.

Cheers,

Gunnar

>
> Any idea how to solve the mess?
>
> regards
> Alex
>
> --
>
> Dipl. Inform. Alexander Gran, MBA
> alexg at moduleworks.com
> http://www.moduleworks.com
> SkypeID: mw_alexg
> M: +49(0)163/5598933
>
> ModuleWorks GmbH
> Ritterstraße 12a
> 52072 Aachen
> HRB 11871
> Amtsgericht Aachen
> Geschäftsführer Yavuz Murtezaoglu
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information.
> If you have received it in error, please notify the sender immediately
> and delete the original.
> Any other use of the email by you is prohibited.
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.kolab.org/pipermail/users/attachments/20100422/203021fa/attachment.sig>

More information about the users mailing list