forked from extern/egroupware
changes thanks to Aleksander Adamowski of the developers list
This commit is contained in:
parent
27da7f6edb
commit
6b005761e4
@ -6,7 +6,8 @@ eGroupWare needs no more special LDAP schemas since version 1.3.007:
|
||||
- valid Groups have a posixGroup object class and store there members in the memberuid attribute.
|
||||
|
||||
If you want to use group-addressbooks in LDAP, the ACL requires that groups get expanded by the LDAP server.
|
||||
To do so, we need to use groupOfNames together with posixGroup (groupOfNames stores the dn, posixGroup only the uid).
|
||||
To do so, we need to use groupOfNames together with posixGroup (groupOfNames stores the dn in the member
|
||||
attribute, posixGroup only the uid in the memberUid attribute).
|
||||
If your LDAP uses the original nis.schema, posixGroup is a structural object and can NOT be used together!
|
||||
Newer SuSE distributions use a rfc2307bis schema, which can be used on other distributions too
|
||||
(instead of the nis.schema, NOT together). The schema is in the same directory as this README.
|
||||
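Review bot: The attribute name is spelled two ways in this hunk: "memberuid" in the posixGroup bullet at the top and "memberUid" in the reworded groupOfNames sentence. LDAP attribute names are case-insensitive, so nothing breaks, but the README should use one spelling, preferably "memberUid" as the schema defines it. The same bullet also has "store there members", which should read "store their members".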
@ -15,6 +16,7 @@ To change to the rfc2307bis.schema (not needed with newer SuSE distros!):
|
||||
----------------------------------
|
||||
- create an ldif from your ldap: slapcat > my.ldif
|
||||
- add objectclass groupOfNames to every group (only the groups!)
|
||||
- change every occurence of "structuralObjectClass: posixGroup" to "structuralObjectClass: groupOfNames"
|
||||
- edit your slapd.conf:
|
||||
+ remove the include of the nis.schema
|
||||
+ include the rfc2307bis.schema in this dir
|
||||
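Review bot: The structuralObjectClass step does not say where the edit is made, and it says "every occurence" while the step before it is limited to the groups. Since structuralObjectClass shows up in the slapcat output, suggest wording it as a change in my.ldif, applied to the same group entries that received the groupOfNames object class, so that objectClass and structuralObjectClass stay consistent per entry. "occurence" should be "occurrence".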
@ -26,4 +28,15 @@ To change to the rfc2307bis.schema (not needed with newer SuSE distros!):
|
||||
eGroupWare detects if it can use groupOfNames together with posixGroup and fills the member attribute,
|
||||
if you edit the group or changes the members.
|
||||
|
||||
To create a dedicated LDAP account for eGroupWare, you can use the following sample LDIF:
|
||||
cn=eGroupWare,dc=domain,dc=com
|
||||
cn: eGroupWare
|
||||
objectClass: person
|
||||
sn: eGroupWare
|
||||
userPassword: SOME_LONG_RANDOM_PASSWORD
|
||||
|
||||
To give eGroupWare permission to manage the groups, you can use the following ACL:
|
||||
access to dn.subtree="ou=groups,dc=domain,dc=com"
|
||||
by dn="cn=eGroupWare,dc=domain,dc=com" write
|
||||
|
||||
Ralf
|
||||
|
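Review bot: The sample ACL has only one "by" clause, and slapd ends every access directive with an implicit "by * none", so for the entries this directive matches every identity other than cn=eGroupWare loses read access to ou=groups. Add an explicit trailing clause that reflects the site's policy, for example "by * read", after the write grant. In the sample LDIF, the first line needs the "dn: " prefix to be loadable, and the README should mention that userPassword is better stored as a hash than as the literal value. In the context line above, "or changes the members" should be "or change the members".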
@ -79,6 +79,7 @@ attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
|
||||
|
||||
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
|
||||
EQUALITY caseExactIA5Match
|
||||
SUBSTRINGS caseExactIA5SubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
|
||||
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
|
||||
|
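Review bot: On the SUBSTRINGS line of the memberUid definition, the keyword does not match RFC 4512, which spells the substring matching-rule keyword in an attribute type description as SUBSTR. Please confirm that slapd loads the schema with this spelling, or use "SUBSTR caseExactIA5SubstringsMatch". Because this file is a shipped copy of rfc2307bis.schema, a short comment next to the definition noting the local modification would help anyone who later compares it with a distribution's copy.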