rfc2307bis-2 extended support is missing for many groups style

[mikefaille]

rfc2307bis-2 extended support.

I actually want PosixGroup defined as AUXILIARY to mix PosixGroup and group like :

• groupOfNames using "member" attribute
• groupOfUniquesNames from rfc2307bis using "uniqueName" attribute
• groupOfMembers from rfc2307bis-02 using "member" attribute

Actually, groupOfUniquesNames and groupOfMembers is not supported.

And, if I want "memberOf" overlay from Openldap, I really need to use "uniqueName" style as input for member.

The main difference between "uniqueName" and "member" attribute is :

• uniqueName : require FDN/dn as input. FDN/dn example: cn=admin,dc=cedille,dc=ens,dc=etsmtl,dc=ca
• member : require RDN as input. (FND is permitted from rfc2307bis-02). RDN example : cn=admin

[mikefaille]

And Microsoft seems to implement groupOfUniqueNames as group objectClass by default for Active Directory : https://msdn.microsoft.com/en-us/library/ms682261(v=vs.85).aspx

Then actually, my biggest question before deep investigation is :
How much effort I must done to implement groupOfUniqueNames ?

My initial investigation for the last question : https://github.com/fusiondirectory/fusiondirectory/search?utf8=%E2%9C%93&q=groupofnames&type=Code

[bilbo-the-hobbit]

hello,

did you try the mixedgroups plugin, he doesnt support all the various you ask for but the first of the three should be. So if you would implement something you should look here.

We certainly welcome a patch for inclusion

Cheers

[mikefaille]

I'll try this later this day if it's possible. Thanks ! :-)

[mikefaille]

I'll test it soon as possible finally. See you.

[MCMic]

FusionDirectory provides mixed-groups plugin to use posixGroup as auxilliary with the non-standard schemas.
We use groupOfNames for groups and put the full dn in the member attribute, I’ve never heard that member could contain only RDN. Where did you get that information from?
Here on zytrax for instance: http://www.zytrax.com/books/ldap/ch5/step2.html#step2-groups -> «member: dn defines the member(s) of the group by their DN.».

[mikefaille]

Thank you @MCMic, It help me ! With you and this link I know better the difference between
GroupOfUniqueNames and GroupOfNames : https://ldapwiki.willeke.com/wiki/GroupOfUniqueNames%20vs%20groupOfNames

[bilbo-the-hobbit]

Hello,

did you get further with what you wanted to achieve

Cheers

[mikefaille]

I'll complete my work after my university exam this june 18. Sorry for the delay.

[bilbo-the-hobbit]

hello,

no problem.

Have a nice day

[bilbo-the-hobbit]

hello,

any new about this ?

Cheers

[mikefaille]

Yes, it work perfectly !

To prepare Debian slapd using dpkg reconfigure, I must replace nis schema by rfc2307bis
https://github.com/mikefaille/docker-debian-ldap/blob/master/Dockerfile#L27

And, I use mixed-groups.

Bragging rights :
And, actually, I develop one of the most complete docker image for Fusion Directory ( let me one hour to upload my Docker and document my stuff ).

• Slapd : https://github.com/mikefaille/docker-debian-ldap
• Fusion directory : https://github.com/mikefaille/docker-debian-fusiondirectory

Update : follow the next comments. I move my projet to student club named CEDILLE for now.

[bilbo-the-hobbit]

hello,

nice to hear i will recommend you docker image to some people wanting that.

if we have enough time we could make them official for FusionDirectory :)

Cheers

[mikefaille]

Cool. Maybe, we can create a new issue to manage a release version (it's not ready for public but for tomorrow, yes). Eventually, I want kubernetes compatibility.

[mikefaille]

@bilbo-the-hobbit It will be great if you accept to host my work in your github organisation.

[mikefaille]

I just update my code (for now, the projet is at my student club).

It suppose to be ready for testing. Maybe, I need some tester. For quickstart, just check my README.md on clubcedille/docker-debian-fusiondirectory :

• https://github.com/clubcedille/docker-debian-fusiondirectory
• https://github.com/ClubCedille/docker-debian-ldap

[bilbo-the-hobbit]

hello,

let move your docker image in another PR for inclusion by us, i will close this bug report

Cheers