Hello All!

I’m curious if anyone knows how to get OD in 10.5 to offer up group membership as “groupOfNames” or “groupOfUniqueNames” etc. Basically, a fully qualified membership list.

Apple, for some reason, decided to use posixGroups, which give group membership as memberUid. So, some group called “foo” within cn=groups,dc=example,dc=edu, offers up members as “memberUiD : foouser1”.

What I need is to see members as, using the above example, “member : cn=foouser1,cn=users,dc=example,dc=edu”. Basically, if you’re bound to two directories that have different bases, this latter way allows for usernames to be the same on both directories without conflicting. With posixGroups, if I’m bound to two directories that are dc=example1,dc=edu, and dc=example2,dc=edu, and both have a user named “bob”, I have no way to tell where my search result came from, so I end up with two “memberUid: bob”. Woohoo.

I’m hoping this can be done with a mapping within OD, or a rewrite rule. Or, is there some way to just magically tell OD to also report groupOfNames or groupOfUniqueNames along with posixGroup info (since, both are in the schemas that Apple is importing with slapd).

Anybody? Joel? Please?