Re: dscl behavior different from WGM


Andre LaBranche

On Feb 29, 2008, at 12:40 PM, Noah Abrahamson wrote:

> I'm trying to expedite populating groups in /LDAPv3/127.0.0.1, so  
> I'm using dscl. I'm noticing the behavior is different than using  
> Workgroup Manager, though I don't know if this is expected or not.
> ...
>
> If I look further using the "inspector" in WGM, it seems dscl added  
> users as values to the GroupMembership attribute and to the Member  
> attribute, but not in the GroupMember attribute, which has GUIDs.  
> As a consequence, I only see the user1 entered via WGM -- though, in  
> effect, all users are there.
>
> Which kind of stinks, because I want to be able to use dscl, but  
> some of my colleagues might want to use WGM and might not see that  
> there are additional users in this group. While using WGM takes too  
> long to do lookups, one-by-one.

This sounds like the difference between 'legacy' groups and ...  
whatever the new hotness is called, which supports nested groups and  
all that. As suggested by Kyle, using dseditgroup should provide  
results consistent with what WGM produces.

HTH,
-Andre
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/lists%40nabble.com

This email sent to [hidden email]

Rene Schaetzl
Noah,

just rechecked.

It looks like following Apple's -ahem- 'great' documentation on  
commandline documentation turns out to be wrong again. Using the dscl  
append as documented only adds the memberUid to the group. Which ought  
to be okay for most LDAP apps, as they don't rely on the apple schema  
data.

What that doesn't do is to add an 'apple-group-memberguid' attribute  
containing the users added and it looks like at least WGM only cares  
about that (not sure, probably other Apple apps too).

But
        append <groupname> GroupMembers <apple-generateduid>
should help.

Something more to add to my user generation script.

-- René



On 1 Mar 2008, at 04:40, Noah Abrahamson wrote:

> I'm trying to expedite populating groups in /LDAPv3/127.0.0.1, so  
> I'm using dscl. I'm noticing the behavior is different than using  
> Workgroup Manager, though I don't know if this is expected or not.
>
> Let's say I have a group already called /LDAPv3/127.0.0.1/Groups/Authors.
> If I want to add people from our central campus  
> directory, /LDAPv3/ldap.stanford.edu into this group, I can use WGM,  
> click on the + sign, enter a username (eg, user1), wait for about  
> fifteen seconds, then drag the entity into my ODM group.
>
> Or, I can do something like use dscl and do
>
> myserver:~ nbfa$ dscl localhost
> > cd /LDAPv3/127.0.0.1/Groups/
> /LDAPv3/127.0.0.1/Groups > append authors GroupMembership user2  
> user3 user4
>
> But if I examine the group later in WGM, there are behavior  
> differences.
>
> With WGM, I would only see the list populated with the entity pulled  
> via WGM.
>
> I can do a read in dscl and see all the users done by both dscl and  
> WGM.
>
> If I look further using the "inspector" in WGM, it seems dscl added  
> users as values to the GroupMembership attribute and to the Member  
> attribute, but not in the GroupMember attribute, which has GUIDs.  
> As a consequence, I only see the user1 entered via WGM -- though, in  
> effect, all users are there.
>
> Which kind of stinks, because I want to be able to use dscl, but  
> some of my colleagues might want to use WGM and might not see that  
> there are additional users in this group. While using WGM takes too  
> long to do lookups, one-by-one.
>
>
>
> Noah
>
>
> -------------------
> Noah Abrahamson
> Stanford University
>
>
-----
Rene Schaetzl
IT Exorcist - Western Academy of Beijing
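
Added example, not part of either message above: a small audit for the mismatch the thread describes, listing short names that are in GroupMembership but whose GUID is absent from GroupMembers (the members WGM would not show). The record text and the name-to-GUID map are constructed sample data; on a real server they are assumed to come from a dscl read of the group's GroupMembers and GroupMembership attributes and of each user's GeneratedUID.

```shell
#!/bin/sh
# Constructed sample of a group record in "Attribute: value value" form.
GROUP_RECORD='GroupMembers: 11111111-AAAA-4000-8000-000000000001
GroupMembership: user1 user2 user3 user4'

# Constructed map of short name -> GeneratedUID (user4 deliberately absent).
USER_GUIDS='user1 11111111-AAAA-4000-8000-000000000001
user2 22222222-BBBB-4000-8000-000000000002
user3 33333333-CCCC-4000-8000-000000000003'

# attr_values RECORD ATTR: print the values of one attribute, one per line.
# Also accepts values listed on indented continuation lines.
attr_values() {
    printf '%s\n' "$1" | awk -v want="$2:" '
        $1 == want { inattr = 1; for (i = 2; i <= NF; i++) print $i; next }
        /^[^ \t]/  { inattr = 0 }
        inattr     { for (i = 1; i <= NF; i++) print $i }'
}

# hidden_members RECORD MAP: print "name guid" for every short name in
# GroupMembership whose GUID is not in GroupMembers; guid is UNKNOWN when
# the map has no entry for that name.
hidden_members() {
    guids=$(attr_values "$1" GroupMembers)
    for name in $(attr_values "$1" GroupMembership); do
        guid=$(printf '%s\n' "$2" | awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$guid" ]; then
            echo "$name UNKNOWN"
        elif ! printf '%s\n' "$guids" | grep -qixF -- "$guid"; then
            echo "$name $guid"
        fi
    done
}

# Report for the constructed sample.
hidden_members "$GROUP_RECORD" "$USER_GUIDS"
```

Each reported name is a candidate for the GroupMembers append Rene suggests, or for re-adding with dseditgroup as Andre suggests.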




