
Bug 302310

Summary: Inclusion of rfc2307bis to net-nds/openldap
Product: Gentoo Linux
Reporter: Eric Thibodeau <kyron>
Component: [OLD] Server
Assignee: Gentoo LDAP project <ldap-bugs>
Status: RESOLVED FIXED
Severity: enhancement
CC: barzog, gurligebis, hojuruku, southen
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Eric Thibodeau 2010-01-26 14:26:47 UTC
The groupOfNames objectclass is becoming more and more required for proper authorization (i.e., Joomla LDAP plugins assume an MSAD, which trickles down to the memberOf and member attributes existing).

Unfortunately, the groupOfNames lacks the required posixGroup provided attributes for proper interaction in...a POSIX environment. The rfc2307bis.schema changes posixGroup from STRUCTURAL to AUXILIARY, giving us the ability to use both objectclasses for a given group.

nss_ldap has support for using rfc2307bis, so providing the schema shouldn't trigger a chain of bugs either.

From simonrvn on #ldap, I was given the following link to the schema http://simonraven.kisikew.org/src/ldap/rfc2307bis.schema ...I was unable to find a more 'authoritative' source...


Reproducible: Always
Comment 1 Eric Thibodeau 2010-01-26 14:51:21 UTC
I forgot to mention that the RFC2307bis.schema (obviously) supersedes the nis.schema (being RFC2307)... But people using these should already know this ;)
Comment 2 Eric Thibodeau 2010-01-26 15:52:24 UTC
...sigh...ok, so the schema linked above needs the two first entries commented out for the same reason they are commented out in nis.schema; uidNumber and gidNumber are 'builtin' attributes.
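
Added example, not part of the original report or of the Gentoo/OpenLDAP code: a small pre-load check for a schema file obtained from an unofficial source, covering the two points raised above (posixGroup must be AUXILIARY to combine with groupOfNames, and the uidNumber/gidNumber definitions must be commented out). The schema text is a constructed, abbreviated sample, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated sample in OpenLDAP .schema syntax (not the real file):
# uidNumber left active, gidNumber commented out, posixGroup declared AUXILIARY.
SAMPLE_SCHEMA = r"""
attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
#    EQUALITY integerMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
    DESC 'Abstraction of a group of accounts'
    MUST gidNumber
    MAY ( userPassword $ memberUid $ description ) )
"""

BUILTIN_ATTRS = {"uidNumber", "gidNumber"}  # built into slapd, per Comment 2

def active_definitions(text):
    """Yield [keyword, body] per uncommented definition, joining continuation lines."""
    current = None
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # commented-out lines never reach slapd
        if re.match(r"(attributetype|objectclass)\b", line, re.I):
            if current:
                yield current
            keyword, _, rest = line.partition(" ")
            current = [keyword.lower(), rest]
        elif current and line[:1] in (" ", "\t"):
            current[1] += " " + line.strip()  # leading whitespace = continuation
    if current:
        yield current

def check_schema(text):
    """Return findings for the two problems raised in this bug."""
    findings = []
    for keyword, body in active_definitions(text):
        match = re.search(r"NAME\s+\(?\s*'([^']+)'", body)
        name = match.group(1) if match else "?"
        unquoted = re.sub(r"'[^']*'", "", body)  # keep DESC text out of keyword search
        if keyword == "attributetype" and name in BUILTIN_ATTRS:
            findings.append(f"{name}: redefines a built-in attribute; comment it out")
        if (keyword == "objectclass" and name == "posixGroup"
                and not re.search(r"\bAUXILIARY\b", unquoted)):
            findings.append("posixGroup: not AUXILIARY; cannot be combined with groupOfNames")
    return findings
```

Calling `check_schema(SAMPLE_SCHEMA)` reports only the active uidNumber definition; a class with no kind keyword is also flagged, since STRUCTURAL is the default.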
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-12 21:12:04 UTC
Added in 2.4.28-r1.
Comment 4 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-03-22 20:26:49 UTC
Reopening, it seems simonraven.kisikew.org has gone offline (no more DNS record).

Got any other sources?
Comment 5 Sebastian Southen 2012-04-28 09:39:48 UTC
The authoritative source is (currently) sections 3 and 4 of http://tools.ietf.org/html/draft-howard-rfc2307bis-02
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-05-25 22:22:29 UTC
Ok, I extracted it manually and included it in 2.4.31.