The RFC2307 aka "NIS" schema does not allow posixGroup
to have member
attributes – only memberUid
; you can see for yourself in the nis.schema
file, around line 175.
objectClass: posixGroup (structural)
cn: users
gidNumber: 1000
memberUid: daywalker
If you want to use member
and entry DNs when creating "system" (POSIX) groups, you will need to use the RFC2307bis schema, which changes posixGroup
into auxiliary so that it could be used with either groupOfNames
or groupOfMembers
classes:
objectClass: groupOfMembers (structural)
objectClass: posixGroup (auxiliary)
cn: users
gidNumber: 1000
member: uid=daywalker,ou=people,dc=foo
For other purposes (LDAP-only groups), just groupOfNames
or groupOfMembers
should be enough.