A very common way of creating a group is to use the standard LDAP schema objectClass groupOfUniqueNames, which has a multi-value attribute uniqueMember, the syntax of which is a DN (rather than a CN or UID type value).

It would be really useful to allow this sort of group.

Comments

johnbarclay’s picture

So where are groupOfUniqueNames and uniqueMember found? Can you make up an example to illustrate? I've googled around and haven't found anything too useful. Also can you add this request to the drupal.org/project/ldap project also?

Haqa’s picture

OpenLDAP defines groupOfUniqueNames and uniqueMember in core.schema.

They are described in RFC 2256, groupOfUniqueNames in section 7.18 and uniqueMember in section 5.51.

An example LDIF fragment might resemble:

dn: cn=group1,ou=groups,dc=example,dc=com
cn: group1
objectClass: groupOfUniqueNames
description: An optional description
uniqueMember: cn=user1,dc=example.com,ou=Domains,dc=example,dc=com
uniqueMember: cn=user2,dc=example.com,ou=Domains,dc=example,dc=com
uniqueMember: cn=user3,dc=example.com,ou=Domains,dc=example,dc=com
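
Because uniqueMember values are full DNs rather than CN or UID values, a membership check that drives authorization has to compare whole DNs. The following is an added example, not code from the ldapgroups module or from anyone in this thread: it parses the LDIF fragment above (with the user2 line re-cased and folded as a constructed variation) and contrasts a DN-exact check with a CN-only match. The function names and the simplified DN normalization are assumptions.

```python
import re

# Constructed sample: the page's LDIF fragment; the user2 line is re-cased and folded.
LDIF = """\
dn: cn=group1,ou=groups,dc=example,dc=com
cn: group1
objectClass: groupOfUniqueNames
description: An optional description
uniqueMember: cn=user1,dc=example.com,ou=Domains,dc=example,dc=com
uniqueMember: CN=User2, dc=example.com, ou=Domains,
 dc=example,dc=com
uniqueMember: cn=user3,dc=example.com,ou=Domains,dc=example,dc=com
"""

def normalize_dn(dn):
    """Simplified normalization (assumption): case-fold and trim each RDN.
    Does not handle multi-valued RDNs or an optional '#' UID suffix."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def parse_entry(ldif):
    """Parse one LDIF entry into {attr_lowercase: [values]} (no base64 '::' values)."""
    entry = {}
    for line in re.sub(r"\n ", "", ldif).splitlines():  # unfold continuation lines
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def is_member(entry, user_dn):
    """True only if the entry is a groupOfUniqueNames listing this exact DN."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "groupofuniquenames" not in classes:
        return False
    members = {normalize_dn(m) for m in entry.get("uniquemember", [])}
    return normalize_dn(user_dn) in members

def cn_only_match(entry, user_dn):
    """The weaker comparison on the leading RDN alone, shown for contrast."""
    cn = normalize_dn(user_dn).split(",")[0]
    return any(normalize_dn(m).split(",")[0] == cn for m in entry.get("uniquemember", []))

GROUP = parse_entry(LDIF)
```

A user with the same cn under a different subtree passes `cn_only_match` but fails `is_member`, which is the reason to resolve the user's DN first and compare it against uniqueMember.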

cgmonroe’s picture

Version: 6.x-1.0-beta1 » 6.x-1.x-dev
Status: Active » Fixed

Not sure when it went in, but the -dev version has supported this for a while. The latest dev updated the ldapgroups admin UI and has text that talks about it.

For details about recent changes see: #1475272: 6.x-1.0 Release Candidate 1 Status

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.