How to combine kolab and posix groups

Gunnar Wrobel wrobel at pardus.de
Fri Apr 23 21:27:01 CEST 2010


Quoting Alexander Gran <alexg at moduleworks.com>:

> Am Donnerstag 22 April 2010 17:53:36 schrieb Gunnar Wrobel:
>> Look at the core feature of a group: A group combines a number of
>> members. If you look at the posixGroup you see that its member
>> attribute is "memberUid" which identifies a user by the uid he has on
>> a system. The kolabGroupOfNames however derives from groupOfNames and
>> that uses the "member" attribute which is a DN within the LDAP tree.
>> This is something completely different than the uid for the posixGroup.
>>
>> I do not deny that there may be a mapping. But that mapping cannot be
>> defined by simply merging the two object types. I'm interested to read
>> about how Christian solved this problem.
>
> Well, I see a difference between kolab and Posix Groups: posix groups contain
> only PosixAccounts (if you ignore the possibility that other classes could
> have a uid attribute as well), whereas kolabGroups can contain  
> anything in the
> ldap, including e.g. other groups.
> BUT:
> As far as I can see, kolab goups contain just user accounts, and these are -
> at least for me - posixAccounts. When I try to add a group to a group I
> thereofre get:
> Errors:
> No user with email address, UID or alias customersmachsim at moduleworks.com
>
> Therefore I don't (yet?) see the need for the difference?

As I said: I do not deny that there may be a mapping. In your case there is.

But both object classes were designed so that you *can* use them for  
something different. The way LDAP and object classes work there is no  
way around the current situation. Both definitions are incompatible.

Nobody stops you from either extending the kolabGroupOfNames with a  
"uid" attribute and adapt your system to accept this as "posixGroup"  
or to recode the affected Kolab server components so that they work  
with posixGroups. Both is probably hard.

But as mentioned before: It is not possible to combine the two groups  
as the people that originally created these object classes had  
different intentions for them.

Cheers,

Gunnar

>
> regards
> Alex
>
> --
>
> Dipl. Inform. Alexander Gran, MBA
> alexg at moduleworks.com
> http://www.moduleworks.com
> SkypeID: mw_alexg
> M: +49(0)163/5598933
>
> ModuleWorks GmbH
> Ritterstraße 12a
> 52072 Aachen
> HRB 11871
> Amtsgericht Aachen
> Geschäftsführer Yavuz Murtezaoglu
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information.
> If you have received it in error, please notify the sender immediately
> and delete the original.
> Any other use of the email by you is prohibited.
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.kolab.org/pipermail/users/attachments/20100423/d57e8f6a/attachment.sig>


More information about the users mailing list